oss-sec mailing list archives
perl-Razor-Agent logs to /razor-agent.log by default
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 12 Oct 2014 10:19:40 -0600
So today I was logged into some mail servers and ls -la / and had a minor panic: -rw-r--r--. 1 root root 2275 Oct 12 04:15 razor-agent.log Generally speaking I'm not expecting log files in / unless it's some sort of malware. A brief investigation and no panic, it's the perl-Razor-Agent, which on RHEL/Fedora is supposed to log to /var/log/razor-agent.log but doesn't due to some HOME shenanigans: https://bugzilla.redhat.com/show_bug.cgi?id=1058772 This log file grows slowly, basically one entry per day/reboot: Oct 12 16:13:17.347744 check[835]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to file:razor-agent.log but it won't ever get logrotated, and on a system with a very tight /, e.g. a cloud system maybe using immutable images that only have a few spare k on / (and /var/log/ on another partition or whatever) this could be an issue. I'm inclined to not call this a DoS as even over a year it'll only be a few tens of kb, and it doesn't appear that the attacker can trigger faster growth, but I can see situations where this could be a problem. -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- perl-Razor-Agent logs to /razor-agent.log by default Kurt Seifried (Oct 12)
- Re: perl-Razor-Agent logs to /razor-agent.log by default cve-assign (Oct 12)
- Re: Re: perl-Razor-Agent logs to /razor-agent.log by default Kurt Seifried (Oct 12)
- Re: perl-Razor-Agent logs to /razor-agent.log by default cve-assign (Oct 12)