Re: logrotate(8) and copytruncate as default

On Thu, Jun 27, 2013 at 7:58 PM, P J P <pj.pandit@xxxxxxxxxxx> wrote:
> IMHO, renaming a
> file which is being written to by another application does not feel right.
>
>> _Any_ data loss during normal operation is _unacceptable_.
>
>   Sure! As per the experiment so far, there is no data loss at all.

There can be a data loss:
* logrotate reads all contents of file until EOF
* application appends one more data line
* logrotate calls truncate()

No amount of testing can give us confidence that "this can't happen".
In designing concurrently-operating processes, we need invariants and
proofs more than we need experimental data; experimental data is only
useful to the extent that it can demonstrate errors in thinking when
creating the proofs.

>> The rename+create new file+SIGHUP+reopen "protocol" is both safe and
>> widespread.
>
>    Safe? There is a race condition in it for which a CVE has been assigned.

That's not an inherent aspect of the design.  It could have been fixed
and has been fixed.

(And yes, journald solves that by integrating the log rotation with
the log writer, which is a better design, and there's no inherent
reason why rsyslog couldn't be doing something similar.  Then there
are only the dozens? of applications that don't go through syslog at
all and write their own log files to also handle...)
    Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
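
The three-step interleaving listed in the message, replayed in a fixed order next to the rename + create + reopen sequence, as an added example that is not part of the original post. The file names, the log lines and the close-and-reopen stand-in for a SIGHUP handler are assumptions made for the illustration.

```python
import os
import tempfile

def copytruncate_interleaving(workdir):
    """Replay the three steps in a fixed order; return (rotated copy, live file)."""
    log = os.path.join(workdir, "app.log")        # constructed file names
    rotated = os.path.join(workdir, "app.log.1")
    # The application keeps the log open in append mode for its whole lifetime.
    app_fd = os.open(log, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    os.write(app_fd, b"line 1\nline 2\n")
    # Step 1: the rotator reads everything up to EOF and writes the copy.
    with open(log, "rb") as src, open(rotated, "wb") as dst:
        dst.write(src.read())
    # Step 2: the application appends one more line before the truncate.
    os.write(app_fd, b"line 3\n")
    # Step 3: the rotator truncates the live file; "line 3" is in neither file.
    os.truncate(log, 0)
    os.write(app_fd, b"line 4\n")
    os.close(app_fd)
    with open(rotated, "rb") as r, open(log, "rb") as l:
        return r.read(), l.read()

def rename_interleaving(workdir):
    """Same writes, but rotation is rename + create and the writer reopens."""
    log = os.path.join(workdir, "svc.log")
    rotated = os.path.join(workdir, "svc.log.1")
    app_fd = os.open(log, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    os.write(app_fd, b"line 1\nline 2\n")
    os.rename(log, rotated)                       # the open fd follows the inode
    os.close(os.open(log, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
    os.write(app_fd, b"line 3\n")                 # lands in the renamed file
    # Stand-in for the application's SIGHUP handler: close, reopen by name.
    os.close(app_fd)
    app_fd = os.open(log, os.O_WRONLY | os.O_APPEND)
    os.write(app_fd, b"line 4\n")
    os.close(app_fd)
    with open(rotated, "rb") as r, open(log, "rb") as l:
        return r.read(), l.read()

def demo():
    with tempfile.TemporaryDirectory() as d:
        return copytruncate_interleaving(d), rename_interleaving(d)

if __name__ == "__main__":
    for name, (old, new) in zip(("copytruncate", "rename"), demo()):
        print(name, "line 3 kept:", b"line 3" in old + new)
```
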




