Ubuntu
upstart package

Merge lp:~jamesodhunt/ubuntu/vivid/upstart/bug-1425685-additional into lp:ubuntu/vivid/upstart

  1. Vivid (15.04)
  2. bug-1425685-additional
  3. Merge into vivid
Proposed by James Hunt
Status: Merged
Merged at revision: 1610
Proposed branch: lp:~jamesodhunt/ubuntu/vivid/upstart/bug-1425685-additional
Merge into: lp:ubuntu/vivid/upstart
Diff against target: 40 lines (+18/-1)
2 files modified
debian/changelog (+8/-0)
debian/upstart-bin.upstart.cron.daily (+10/-1)
To merge this branch: bzr merge lp:~jamesodhunt/ubuntu/vivid/upstart/bug-1425685-additional
Reviewer Review Type Date Requested Status
Colin Watson Approve
Review via email: mp+251087@code.launchpad.net

Description of the change

* debian/upstart-bin.upstart.cron.daily: Ensure the session uid matches that
  of the session file itself to stop a user forcing the logrotation of
  another users logs.

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2015-02-26 12:34:53 +0000
3+++ debian/changelog 2015-02-26 14:03:28 +0000
4@@ -1,3 +1,11 @@
5+upstart (1.13.2-0ubuntu9) UNRELEASED; urgency=medium
6+
7+ * debian/upstart-bin.upstart.cron.daily: Ensure the session uid matches that
8+ of the session file itself to stop a user forcing the logrotation of
9+ another users logs.
10+
11+ -- James Hunt <james.hunt@ubuntu.com> Thu, 26 Feb 2015 13:58:32 +0000
12+
13 upstart (1.13.2-0ubuntu8) vivid; urgency=medium
14
15 * debian/upstart-bin.upstart.cron.daily:
16
17=== modified file 'debian/upstart-bin.upstart.cron.daily'
18--- debian/upstart-bin.upstart.cron.daily 2015-02-26 12:22:49 +0000
19+++ debian/upstart-bin.upstart.cron.daily 2015-02-26 14:03:28 +0000
20@@ -16,10 +16,19 @@
21 [ -f "$file" ] || continue
22 [ -h "$file" ] && continue
23
24+ file_uid=$(stat -c %u "$file")
25+ [ -n "$file_uid" ] || continue
26+
27 session=$(grep \
28 "^UPSTART_SESSION=unix:abstract=/com/ubuntu/upstart-session/[0-9][0-9]*/[0-9][0-9]*$" \
29 "$file" 2>/dev/null || true)
30- [ -z "$session" ] && continue
31+ [ -n "$session" ] || continue
32+
33+ session_uid=$(echo "$session" | cut -d\/ -f5)
34+ [ -n "$session_uid" ] || continue
35+
36+ # Don't allow a user to spoof logrotation for another user.
37+ [ "$file_uid" = "$session_uid" ] || continue
38
39 env -i "$session" /sbin/initctl emit rotate-logs >/dev/null 2>&1 || true
40 done

Subscribers

People subscribed via source and target branches

to all changes: