Date:      Tue, 12 May 2009 13:59:09 +0400 (MSD)
From:      Dmitry Morozovsky <marck@rinet.ru>
To:        freebsd-current@FreeBSD.org
Cc:        gad@FreeBSD.org
Subject:   newsyslog(8) patch for both size and time checks
Message-ID:  <alpine.BSF.2.00.0905121354450.1756@woozle.rinet.ru>

Dear colleagues,

For now, if a log is configured to be rotated by time, its size is not 
checked, so /var/log may be DoSed by some service. In our case, it was a mad DHCP 
client which filled up our /var/log with the dhcpd log; our newsyslog.conf line was:

/var/log/dhcpd				640  5     5000	@T00	JC

The following simple patch should fix the problem. Any objections to committing 
this?

Thanks.

Index: usr.sbin/newsyslog/newsyslog.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/newsyslog/newsyslog.c,v
retrieving revision 1.107.2.1
diff -u -r1.107.2.1 newsyslog.c
--- usr.sbin/newsyslog/newsyslog.c	8 Mar 2008 01:00:25 -0000	1.107.2.1
+++ usr.sbin/newsyslog/newsyslog.c	12 May 2009 09:48:00 -0000
@@ -466,7 +466,8 @@
 			printf("does not exist, skipped%s.\n", temp_reason);
 		}
 	} else {
-		if (ent->flags & CE_TRIMAT && !force && !rotatereq) {
+		if ((ent->trsize < 0 || ent->fsize < ent->trsize) && 
+		    ent->flags & CE_TRIMAT && !force && !rotatereq) {
 			diffsecs = ptimeget_diff(timenow, ent->trim_at);
 			if (diffsecs < 0.0) {
 				/* trim_at is some time in the future. */
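Review bot: The new first clause of the `CE_TRIMAT` condition, `(ent->trsize < 0 || ent->fsize < ent->trsize)`, makes an oversized log skip the whole trim_at block, so the rotation itself depends on a size test further down that is outside this hunk. Please confirm that test uses the matching boundary (`fsize >= trsize`) and the same convention that a negative `trsize` means no size limit; otherwise a log exactly at the limit would bypass the time check without being rotated. A one-line comment above the condition stating that the size limit overrides the time window would help, as would parentheses around `ent->flags & CE_TRIMAT` now that the expression spans two lines, and dropping the trailing blank after `&&` on the first added line. The diff touches only newsyslog.c; since entries that set both a size and an `@` time change behaviour, the manual page should be updated in the same commit.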


-- 
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck@FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------


