Bug#304978: [Logcheck-devel] Bug#304978: Failed to get lockfile: /var/lock/logcheck.lock

maximilian attems debian at sternwelten.at
Mon Apr 18 07:31:14 UTC 2005


On Sun, 17 Apr 2005, Rainer Zocholl wrote:

> Every time(!) i upgrade debian logcheck i run into the error
> that logcheck is trying to generate its lockfile at a
> forbidden location.
> The error message/mail is a bit misleading too.

on debian systems by default the dir below is writable for world:
ls -ld /var/lock
drwxrwxrwt  4 root root 4096 2005-04-18 09:02 /var/lock
 
> When will that error be fixed? (I think i reported it already several
> weeks ago).

care to add a pointer to that report?
well your system seems broken, you can fix its permissions easily.
 
[further rant snipped] 
> Is it a so common (dangerous) practice to allow everybody to
> litter "/var/lock" with its private lockfiles? Allowing everybody
> to place a link to an unwanted file with the name of
> a root lock file? So when root changes the (old) lock, it
> changes the "unwanted" file too etc... or it's easy to block root
> by placing a lock file with the same name root would test when
> everybody can write to "/var/lock".

well it's a bit hard to follow the above flow. i try to summarize
* if /var/lock is not world writable, one should have a dir below
  for one's own needs.
* if /var/lock is world writable, one could block logcheck runs.

 
> Description:
> 
> After updating logcheck i always get this error mail:
> 
> ------------------------------------------------------------
> 
> Warning: If you are seeing this message, your log files may not have been
> checked!
> 
> Details:
> Failed to get lockfile: /var/lock/logcheck.lock
> 
> Check temporary directory:
> 
> declare -x HOME="/var/lib/logcheck"
> declare -x LOGNAME="logcheck"
> declare -x MAILTO="root"
> declare -x OLDPWD
> declare -x PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
> declare -x PWD="/var/lib/logcheck"
> declare -x SHELL="/bin/sh"
> declare -x SHLVL="2"
> 
> -----------------------------------------------------------------------

that mail is pretty clear.
why is it misleading?
 
> Solution:
> 
> you must edit the script(!) as logcheck has a security flaw
> and tries to place its lock file under /var/lock/ which is
> -of course- only allowed for root!

wrong assumption for any sarge default install.
 
> You must create a directory "logcheck" under /var/lock/
> 
> mkdir /var/lock/logcheck
> chown logcheck:logcheck /var/lock/logcheck
> chmod 755 /var/lock/logcheck

todd what do you think about that dir?
sounds ok for me,
but i don't get why you paranoid guy show your logcheck run
to world, why not use 750 above??
 
> And edit the script(!) like this:
> 
> 
> [23:29:49]yoda:/etc/logcheck# diff -Nau /usr/sbin/logcheck /usr/sbin/logcheck.ori
> --- /usr/sbin/logcheck  2005-04-16 23:29:36.000000000 +0200
> +++ /usr/sbin/logcheck.ori      2005-04-03 01:00:14.000000000 +0200
> @@ -81,7 +81,7 @@
>  SORTUNIQ=0
>  SUPPORT_CRACKING_IGNORE=0
>  SYSLOGSUMMARY=0
> -LOCKFILE="/var/lock/logcheck/logcheck"
> +LOCKFILE="/var/lock/logcheck"
> 
>  # Carry out the clean up tasks
>  cleanup() {
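
Review bot: the LOCKFILE value that moves into /var/lock/logcheck/ (shown on the `-` line, because the modified script was passed to diff first and the hunk is reversed) depends on a directory that nothing in this hunk creates or checks; it only exists through the manual mkdir/chown/chmod steps quoted earlier. Suggest that the script verify the directory exists and is owned by logcheck before taking the lock and report a distinct error when it is missing, and regenerate the patch as `diff -Nau /usr/sbin/logcheck.ori /usr/sbin/logcheck` so it applies in the intended direction.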

hehe, you diffed in the wrong order.
but anyway that part is clear.
 
> --------------------------------------------------------------
> 
> 
> Maybe it would ease use a lot if "LOCKFILE" is 
> set in /etc/logcheck/logcheck.conf too?

no,
that file is already long enough,
we don't want stupid config options for the user.
that should just work on runtime.

--
maks

ps i don't get your nospam stuff,
perhaps you'll read your bug report.
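
The trade-off discussed in this thread (a lock name in a world-writable /var/lock that anyone can pre-create, versus a private directory below it), as an added shell example that is not logcheck's code. The function names, return codes and the temp-directory layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not logcheck's code. Function names are hypothetical and the
# demo uses a constructed temp tree instead of the real /var/lock.

# True only if $1 is a real directory (not a symlink), owned by the current
# user, and not writable by group or others.
lockdir_is_private() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # ls -ldn fields: 1 = mode string, 3 = numeric owner uid
    set -- $(ls -ldn "$dir")
    mode=$1
    owner=$3
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        d????w*|d???????w*) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# Returns 0 = lock taken, 1 = lock name already exists, 2 = unsafe directory.
acquire_lock() {
    lockfile=$1
    lockdir_is_private "$(dirname "$lockfile")" || return 2
    # noclobber (set -C) makes ">" refuse an existing name, including a
    # dangling symlink, instead of writing through it.
    ( set -C; echo "$$" > "$lockfile" ) 2>/dev/null || return 1
}

demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/shared" "$base/logcheck"
    chmod 1777 "$base/shared"     # same mode as the /var/lock listing above
    chmod 750 "$base/logcheck"    # private dir with the 750 suggested above
    r1=0; acquire_lock "$base/shared/logcheck.lock" || r1=$?
    r2=0; acquire_lock "$base/logcheck/logcheck.lock" || r2=$?
    r3=0; acquire_lock "$base/logcheck/logcheck.lock" || r3=$?
    rm -rf "$base"
    echo "$r1 $r2 $r3"
}

demo   # prints: 2 0 1
```
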





