On 2004-02-15, Joey Hess penned: > > Monique Y. Herman wrote: >> 3) Permissions. The logrotate app is only executable by root on my >> box. I'm trying to imagine the situation in which giving a normal >> user access to logrotate would hurt anything, as long as logs have >> appropriate permissions. Could the paranoid among us speak up and >> educate me? > > That would be a violation of debian policy, and is not the case on any > of my systems. > > -rwxr-xr-x 1 root root 33K Oct 9 2002 > /usr/sbin/logrotate* >
Well, Bastille locked those permissions down for me. The question is, was Bastille being overly paranoid, or can logrotate be exploited when it's world-executable? -- monique -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
