On Sat, Oct 29, 2005 at 03:10:51AM +0200, TsT wrote: > My proposed Fix: > > - if [[ $(wc -c < "$file") -lt $(tail -n 1 "$offsetfile") ]]; then > > + INODEOFFSET=$(head -n 1 < $offsetfile) > + #INODEFILE=$(ls -id $file) ;# not run with symlink. > + INODEFILE=$(find $file -follow -printf "%i") > + if [[ $INODEFILE -eq $INODEOFFSET ]]; then >
This is looking like a potentially good solution. The thing is, even our rotation code will only look at file.0, so one could attack and then spam syslog for 2 files and be in the clear. I think what we really need is something to handle multiple rotated files, and in that case, it might be better to extend logtail instead. Cheers, -- Todd Troxell http://rapidpacket.com/~xtat -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
