[systemd-devel] [ANNOUNCE] Journal File Format Documentation
Alexander E. Patrakov
patrakov at gmail.com
Tue Oct 23 10:43:35 PDT 2012
2012/10/21 Lennart Poettering <lennart at poettering.net>:
> Heya,
>
> I have now found the time to document the journal file format:
>
> http://www.freedesktop.org/wiki/Software/systemd/journal-files
>
> Comments welcome!
The doc says these two things:
1) The format is designed to be read and written via memory mapping
using multiple mapped windows.
2) A reader should verify all offsets and other data as it reads it.
This includes checking for alignment and range of offsets in the file,
especially before trying to read it via a memory map.
I am worried by the fact that it is not specified what happens if a
reader tries to read a file manipulated by a bad writer. Namely, the
one that repeatedly writes some valid data into the log in order to
lure readers into this area, and then truncates or overwrites it in
hope to trigger a SIGBUS or something worse in readers.
IMHO if a reader cannot trust the concurrent writer of the file to
behave nicely, mmap-based reading should be outright banned. So please
- either establish and document some kind of trust model between the
reader and the writer, or ban mmap-based reading of non-archived
journal files completely.
--
Alexander E. Patrakov
More information about the systemd-devel
mailing list