logrotate(8) and copytruncate as default

P J P pj.pandit at yahoo.co.in
Thu Jun 27 11:54:03 UTC 2013


Recently I've seen multiple issues related to new file creation by logrotate(8).
One is a race condition, described in [1], between creation of a new file and
setting file permissions and acl(5).  Another I came across in ndjbdns [2], as it
continued to write to an open, but rotated, log file.

Wouldn't it be better to make 'copytruncate' the default behaviour for logrotate(8),
instead of renaming an old file and creating a new one?

[1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1098
[2] https://github.com/pjps/ndjbdns/commit/be5fd0c90376b5c89e5b5dc3d57f64d905afe519

Thank you. 
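
The two rotation strategies compared in this message, as an added example that is not part of the original post and is not logrotate's own code: a writer keeps its log open in append mode across one rotation, and the result shows where its next write lands. The file name `daemon.log` and the helper functions are constructed for illustration.

```python
import os
import shutil
import tempfile


def rotate_by_rename(path):
    """Rename-and-create rotation: rename the old file, then create a new one."""
    os.rename(path, path + ".1")
    # Create with the final mode in one step (O_EXCL, 0o600) so there is no
    # window between creation and a later chmod.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.close(fd)


def rotate_by_copytruncate(path):
    """copytruncate-style rotation: copy the contents, truncate in place."""
    shutil.copyfile(path, path + ".1")
    # Anything written between the copy and the truncate is lost.
    os.truncate(path, 0)


def demo(rotate):
    """Run a writer that keeps its log open across one rotation.

    Returns (live file contents, rotated file contents, inode unchanged?).
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "daemon.log")  # constructed sample path
        # The daemon opens its log once, in append mode, and never reopens it.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        inode_before = os.fstat(fd).st_ino
        os.write(fd, b"before rotation\n")
        rotate(path)
        os.write(fd, b"after rotation\n")
        same_inode = os.stat(path).st_ino == inode_before
        os.close(fd)
        with open(path, "rb") as live, open(path + ".1", "rb") as old:
            return live.read(), old.read(), same_inode


if __name__ == "__main__":
    for rotate in (rotate_by_rename, rotate_by_copytruncate):
        print(rotate.__name__, demo(rotate))
```

With rename-and-create the writer's descriptor follows the renamed inode, so the live file stays empty until the daemon reopens it; with copytruncate the inode is unchanged and the append-mode write lands in the live file.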


