From 94080249995bb9e6b1bbe484777d6434dcbba6de Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 18:27:38 +0200 Subject: Adding upstream version 8.2404.0+dfsg. Signed-off-by: Daniel Baumann --- source/configuration/modules/omfile.rst | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'source/configuration/modules/omfile.rst') diff --git a/source/configuration/modules/omfile.rst b/source/configuration/modules/omfile.rst index b5d1b22..58b5fe7 100644 --- a/source/configuration/modules/omfile.rst +++ b/source/configuration/modules/omfile.rst @@ -316,10 +316,16 @@ For each message, the file name is generated based on the given template. Then, this file is opened. As with the *file* property, data is appended if the file already exists. If the file does not exist, a new file is created. The template given in "templateName" -is just a regular :doc:`rsyslog template <../templates>`, so all -you have full control over how to format the file name. Either file -or dynaFile can be used, but not both. If both are given, dynaFile -will be used. +is just a regular :doc:`rsyslog template <../templates>`, so +you have full control over how to format the file name. + +To avoid path traversal attacks, *you must make sure that the template +used properly escapes file paths*. This is done by using the *securepath* +parameter in the template's property statements, or the *secpath-drop* +or *secpath-replace* property options with the property replacer. + +Either file or dynaFile can be used, but not both. If both are given, +dynaFile will be used. A cache of recent files is kept. Note that this cache can consume quite some memory (especially if large -- cgit v1.2.3