newsyslog(8) patch for both size and time checks
Dmitry Morozovsky
marck at rinet.ru
Wed May 13 07:45:39 UTC 2009
On Tue, 12 May 2009, Garance A Drosehn wrote:
GAD> > for now, if log is configured to be rotated in time manner, its size is not
GAD> > checked, so /var/log may be DoSed by some service (in our case, it was
GAD> > mad DHCP client which fills up our /var/log with dhcpd log; our
GAD> > newsyslog.conf line was
GAD> >
GAD> > /var/log/dhcpd 640 5 5000 @T00 JC
GAD> >
GAD> > The following simple patch should fix the problem. Any objection to
GAD> > commit this?
GAD>
GAD> It would fix your problem, but it changes the behavior as is explicitly
GAD> documented in 'man newsyslog.conf' . There is a paragraph in the man
GAD> page which makes it clear that if both fields are specified, then the
GAD> log file will only be rotated if both conditions are true.
Nope, there is a statement about the time/interval combination, and size is not
mentioned:
== 8< ==
When both a time and an interval are specified then both conditions must be
satisfied for the rotation to take place.
== 8< ==
Also, I can't find anything about expected behaviour in the standards...
GAD> I agree that newsyslog needs some way to specify an "either/or"
GAD> combination of those fields. I believe I have some time to look into
GAD> changes to newsyslog right this week, so I'll see what is needed to
GAD> address this issue.
Thank you for looking into this.
--
Sincerely,
D.Marck [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer: marck at FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru ***
------------------------------------------------------------------------
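An audit for the condition described in the message, as an added example that is not part of the original post or of newsyslog: it lists entries that carry both a size and an `@`/`$` time specification and whose file has already outgrown the size field. It assumes the standard field order (name, optional owner:group, mode, count, size, when), a size field in plain kilobytes as in the quoted line, and literal paths; `SAMPLE_CONF`, `parse_entry` and `audit` are names made up here.

```python
import os

# Constructed sample; the first entry is the line quoted in the message.
SAMPLE_CONF = """\
/var/log/dhcpd                640  5  5000  @T00    JC
/var/log/messages             644  5  100   @0101T  JC
/var/log/auth.log  root:wheel 600  7  100   *       JC
/var/log/cron                 600  3  *     @T00    JC
"""

def parse_entry(line):
    """Return path, size limit (KB) and 'when' of one entry, or None to skip."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("<"):      # blank, comment, <include>
        return None
    f = line.split()
    if len(f) > 1 and ":" in f[1]:            # optional owner:group field
        del f[1]
    if len(f) < 5:
        return None
    path, _mode, _count, size, when = f[:5]
    try:
        size_kb = None if size == "*" else int(size)
    except ValueError:                         # size not a plain KB number
        return None
    return {"path": path, "size_kb": size_kb,
            "when": None if when == "*" else when}

def audit(conf_text, getsize=os.path.getsize):
    """List (path, limit_kb, actual_kb) for time-rotated logs over their size."""
    findings = []
    for line in conf_text.splitlines():
        e = parse_entry(line)
        if not e or e["size_kb"] is None or e["when"] is None:
            continue
        if "@" not in e["when"] and "$" not in e["when"]:
            continue                           # interval only, no time spec
        try:
            actual = getsize(e["path"])
        except OSError:                        # missing file or glob pattern
            continue
        if actual > e["size_kb"] * 1024:
            findings.append((e["path"], e["size_kb"], actual // 1024))
    return findings

if __name__ == "__main__":
    with open("/etc/newsyslog.conf") as conf:
        for path, limit, actual in audit(conf.read()):
            print(f"{path}: {actual} KB, size field {limit} KB, time-rotated")
```

Run from cron or a monitoring agent, a non-empty result means a log is growing past its configured size while waiting for its scheduled rotation time.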