[systemd-commits] 2 commits - src/journal
Lennart Poettering
lennart at kemper.freedesktop.org
Tue Mar 5 05:28:23 PST 2013
src/journal/journald-server.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
New commits:
commit 40adcda869bda55f44b57fd3a2bd71d006dfb51b
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Mar 5 14:27:34 2013 +0100
journald: be a bit more careful when spitting up journals by user id
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index dcfdeaf..b46a2f6 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -670,10 +670,19 @@ static void dispatch_message_real(
assert(n <= m);
if (s->split_mode == SPLIT_UID && realuid > 0)
+ /* Split up strictly by any UID */
journal_uid = realuid;
- else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0)
+ else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0 && realuid > 0)
+ /* Split up by login UIDs, this avoids creation of
+ * individual journals for system UIDs. We do this
+ * only if the realuid is not root, in order not to
+ * accidentally leak privileged information logged by
+ * a privileged process that is part of an
+ * unprivileged session to the user. */
journal_uid = owner;
- else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0)
+ else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0 && realuid > 0)
+ /* Hmm, let's try via the audit uids, as fallback,
+ * just in case */
journal_uid = loginuid;
else
journal_uid = 0;
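Review bot: The added `realuid > 0` test in both SPLIT_LOGIN branches excludes only root, so a message from a process running under a different non-root UID inside the session (a system account or another user) is still written to the session owner's journal file. If the intent stated in the new comment is to keep output from more-privileged processes away from the session owner, a stricter condition such as `owner_valid && owner > 0 && realuid == owner` would cover that, with the matching change in the loginuid branch; whether cross-UID messages are meant to reach the owner is not visible here. The multi-line comments also sit between each condition and its unbraced body, so bracing the branches would make the chain harder to misread on later edits. dispatch_message_real starts and ends outside the hunk.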
commit 8a0889dfdafa3054c894e54852d8a9e3a7e8390b
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Mar 5 14:23:22 2013 +0100
journald: check session owner UID rather then audit ID when splitting up journal files
We should always go by our own cgroup hierarchy before using foreign
schemes such as audit, so let's do that for the split out logic too.
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 5457607..dcfdeaf 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -515,9 +515,8 @@ static void dispatch_message_real(
sd_id128_t id;
int r;
char *t;
- uid_t loginuid = 0, realuid = 0;
- uid_t journal_uid;
- bool loginuid_valid = false;
+ uid_t loginuid = 0, realuid = 0, owner = 0, journal_uid;
+ bool loginuid_valid = false, owner_valid = false;
assert(s);
assert(iovec);
@@ -526,9 +525,6 @@ static void dispatch_message_real(
if (ucred) {
uint32_t audit;
-#ifdef HAVE_LOGIND
- uid_t owner;
-#endif
realuid = ucred->uid;
@@ -598,9 +594,11 @@ static void dispatch_message_real(
IOVEC_SET_STRING(iovec[n++], session);
}
- if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0)
+ if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0) {
+ owner_valid = true;
if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0)
IOVEC_SET_STRING(iovec[n++], owner_uid);
+ }
#endif
if (cg_pid_get_unit(ucred->pid, &t) >= 0) {
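Review bot: `sd_pid_get_owner_uid(ucred->uid, &owner)` passes the sender's UID where the function name and the neighbouring `cg_pid_get_unit(ucred->pid, &t)` call suggest a PID is expected, so `owner` may describe an unrelated process. Before this commit that would only have affected the `_SYSTEMD_OWNER_UID=` field; with `owner_valid` and `owner` now selecting the journal file in SPLIT_LOGIN mode, a wrong lookup would route entries into another user's journal. The call should probably read `sd_pid_get_owner_uid(ucred->pid, &owner)`. The enclosing function starts and ends outside the hunk.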
@@ -673,7 +671,9 @@ static void dispatch_message_real(
if (s->split_mode == SPLIT_UID && realuid > 0)
journal_uid = realuid;
- else if (s->split_mode == SPLIT_LOGIN && loginuid > 0 && loginuid_valid)
+ else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0)
+ journal_uid = owner;
+ else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0)
journal_uid = loginuid;
else
journal_uid = 0;