From owner-freebsd-current@FreeBSD.ORG Tue May 12 10:09:28 2009 Return-Path: Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E125B106564A; Tue, 12 May 2009 10:09:28 +0000 (UTC) (envelope-from marck@rinet.ru) Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68]) by mx1.freebsd.org (Postfix) with ESMTP id 68DB58FC1A; Tue, 12 May 2009 10:09:27 +0000 (UTC) (envelope-from marck@rinet.ru) Received: from localhost (localhost [127.0.0.1]) by woozle.rinet.ru (8.14.3/8.14.3) with ESMTP id n4C9x9VW002174; Tue, 12 May 2009 13:59:09 +0400 (MSD) (envelope-from marck@rinet.ru) Date: Tue, 12 May 2009 13:59:09 +0400 (MSD) From: Dmitry Morozovsky To: freebsd-current@FreeBSD.org Message-ID: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-NCC-RegID: ru.rinet X-OpenPGP-Key-ID: 6B691B03 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (woozle.rinet.ru [0.0.0.0]); Tue, 12 May 2009 13:59:09 +0400 (MSD) Cc: gad@FreeBSD.org Subject: newsyslog(8) patch for both size and time checks X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2009 10:09:29 -0000 Dear colleagues, for now, if log is configured to be rotated in time manner, its size is not checked, so /var/log may be DoSed by some service (in our case, it was mad DHCP client which fills up our /var/log with dhcpd log; our newsyslog.conf line was /var/log/dhcpd 640 5 5000 @T00 JC The following simple patch should fix the problem. Any objection to commit this? Thanks. Index: usr.sbin/newsyslog/newsyslog.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/newsyslog/newsyslog.c,v retrieving revision 1.107.2.1 diff -u -r1.107.2.1 newsyslog.c --- usr.sbin/newsyslog/newsyslog.c 8 Mar 2008 01:00:25 -0000 1.107.2.1 +++ usr.sbin/newsyslog/newsyslog.c 12 May 2009 09:48:00 -0000 @@ -466,7 +466,8 @@ printf("does not exist, skipped%s.\n", temp_reason); } } else { - if (ent->flags & CE_TRIMAT && !force && !rotatereq) { + if ((ent->trsize < 0 || ent->fsize < ent->trsize) && + ent->flags & CE_TRIMAT && !force && !rotatereq) { diffsecs = ptimeget_diff(timenow, ent->trim_at); if (diffsecs < 0.0) { /* trim_at is some time in the future. */ -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------