X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fjournald-server.c;h=ac565c7ece96ce1b1bbf57962c9fe04467ddea1e;hb=1b12a7b5896f94bdf33b3a6661ebabd761ea6adc;hp=c8a6285a84bba9660836f690cc34cc30834d0229;hpb=d288f79fb4a2fe4a93cf99f74dacd2cebd3f2440;p=elogind.git diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index c8a6285a8..ac565c7ec 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -174,7 +174,7 @@ static uint64_t available_space(Server *s) { } static void server_read_file_gid(Server *s) { - const char *adm = "adm"; + const char *g = "systemd-journal"; int r; assert(s); @@ -182,9 +182,9 @@ static void server_read_file_gid(Server *s) { if (s->file_gid_valid) return; - r = get_group_creds(&adm, &s->file_gid); + r = get_group_creds(&g, &s->file_gid); if (r < 0) - log_warning("Failed to resolve 'adm' group: %s", strerror(-r)); + log_warning("Failed to resolve '%s' group: %s", g, strerror(-r)); /* if we couldn't read the gid, then it will be 0, but that's * fine and we shouldn't try to resolve the group again, so @@ -515,9 +515,8 @@ static void dispatch_message_real( sd_id128_t id; int r; char *t; - uid_t loginuid = 0, realuid = 0; - uid_t journal_uid; - bool loginuid_valid = false; + uid_t realuid = 0, owner = 0, journal_uid; + bool owner_valid = false; assert(s); assert(iovec); @@ -526,9 +525,7 @@ static void dispatch_message_real( if (ucred) { uint32_t audit; -#ifdef HAVE_LOGIND - uid_t owner; -#endif + uid_t loginuid; realuid = ucred->uid; @@ -574,11 +571,9 @@ static void dispatch_message_real( IOVEC_SET_STRING(iovec[n++], audit_session); r = audit_loginuid_from_pid(ucred->pid, &loginuid); - if (r >= 0) { - loginuid_valid = true; + if (r >= 0) if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0) IOVEC_SET_STRING(iovec[n++], audit_loginuid); - } t = shortened_cgroup_path(ucred->pid); if (t) { @@ -598,9 +593,11 @@ static void dispatch_message_real( IOVEC_SET_STRING(iovec[n++], session); } - if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0) + if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0) { + owner_valid = true; if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0) IOVEC_SET_STRING(iovec[n++], owner_uid); + } #endif if (cg_pid_get_unit(ucred->pid, &t) >= 0) { @@ -623,9 +620,7 @@ static void dispatch_message_real( if (label) { selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len); if (selinux_context) { - memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1); - memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len); - selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0; + *((char*) mempcpy(stpcpy(selinux_context, "_SELINUX_CONTEXT="), label, label_len)) = 0; IOVEC_SET_STRING(iovec[n++], selinux_context); } } else { @@ -635,7 +630,6 @@ static void dispatch_message_real( selinux_context = strappend("_SELINUX_CONTEXT=", con); if (selinux_context) IOVEC_SET_STRING(iovec[n++], selinux_context); - freecon(con); } } @@ -671,12 +665,19 @@ static void dispatch_message_real( assert(n <= m); - if (s->split_mode == SPLIT_NONE) - journal_uid = 0; - else if (s->split_mode == SPLIT_UID || realuid == 0 || !loginuid_valid) + if (s->split_mode == SPLIT_UID && realuid > 0) + /* Split up strictly by any UID */ journal_uid = realuid; + else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0) + /* Split up by login UIDs, this avoids creation of + * individual journals for system UIDs. We do this + * only if the realuid is not root, in order not to + * accidentally leak privileged information to the + * user that is logged by a privileged process that is + * part of an unprivileged session.*/ + journal_uid = owner; else - journal_uid = loginuid; + journal_uid = 0; write_to_journal(s, journal_uid, iovec, n); }