Skip to content

Handle state file symlink #664

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Handle state file symlink #664

wants to merge 1 commit into from

Conversation

cgzones
Copy link
Member

@cgzones cgzones commented Apr 11, 2025
edited
Loading

In case the state file is a symlink override the target and create the temporary file in the targets parent directory instead of the symlink itself.

Only follows one level of symlink.

Improves: #581

@cgzones cgzones added this to the 3.23.0 milestone Apr 11, 2025
@cgzones
Handle state file symlink
0f1cd86 
In case the state file is a symlink override the target and create the
temporary file in the targets parent directory instead of the symlink
itself.

Only follows one level of symlink.

Improves: logrotate#581
kdudka
kdudka requested changes Apr 14, 2025
View reviewed changes
Copy link
Member

@kdudka kdudka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am afraid this would introduce a security weakness in case the symlink (or the directory where it resides) is write-accessible by a non-privileged user. If logrotate runs with root privileges, a non-privileged user would be able to overwrite files they do not have otherwise write access to.

@cgzones cgzones marked this pull request as draft April 15, 2025 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kdudka kdudka kdudka requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.23.0
Development

Successfully merging this pull request may close these issues.
2 participants
@cgzones @kdudka