Package: udevil Version: 0.4.4-1 Severity: normal I want to log every use of udevil, and I'm trying to use logrotate to handle the log as well. For this reason I have the following set in udevil.conf:
log_file = /var/log/udevil.log log_keep_days = 0 By default, udevil creates the logfile with root:[group of the invoking user] with mode 0700. The mode is also reset at each invocation. This is doubly wrong: permissions should be 600 at best. If the file already exists, existing mode and permissions *must* be kept. Looking at udevil.c:dump_log, I would argue that the chmod() call at the end should be removed in favor of a strict umask before the fopen() call. This avoids the current race that the logfile might have different permissions while it's being written. On a side note, the idea that udevil itself would expire individual entries by re-reading its entried from the text file is troubling. I would argue that this should never be done in udevil itself, and the (commented) default of log_keep_days in be set to 0. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (900, 'unstable'), (800, 'experimental'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages udevil depends on: ii libc6 2.21-9 ii libglib2.0-0 2.46.2-3 ii libudev1 229-2 Versions of packages udevil recommends: pn pmount <none> pn udisks2 <none> pn zenity <none> Versions of packages udevil suggests: pn cifs-utils <none> ii curlftpfs 0.9.2-9 pn eject <none> ii sshfs 2.5-1 -- Configuration Files: /etc/udevil/udevil.conf changed [not included]
