logrotate: Make it more robust
In order to make logrotate more robust against manipulated
log directories logrotate was changed to
* add a "su" config option which makes logrotate run
partially as the specified user
* run external helpers like log file compressors as the
user configured with the "su" option
* issue a warning for log directories writable by non-root
users
* not follow symlinks when rotating logs
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5744
Fixed bugs
bnc#677335
VUL-0: CVE-2011-1098: logrotate: issues with service owned directories
CVE#CVE-2011-1550
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotates lack of sup
