X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fjournald-server.c;h=ac565c7ece96ce1b1bbf57962c9fe04467ddea1e;hb=f2d88580b50e3c173dcc2838f92fa85291bc5495;hp=dcfdeaf68eb261d196220eb6ed14124687dbae49;hpb=8a0889dfdafa3054c894e54852d8a9e3a7e8390b;p=elogind.git diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index dcfdeaf68..ac565c7ec 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -174,7 +174,7 @@ static uint64_t available_space(Server *s) { } static void server_read_file_gid(Server *s) { - const char *adm = "adm"; + const char *g = "systemd-journal"; int r; assert(s); @@ -182,9 +182,9 @@ static void server_read_file_gid(Server *s) { if (s->file_gid_valid) return; - r = get_group_creds(&adm, &s->file_gid); + r = get_group_creds(&g, &s->file_gid); if (r < 0) - log_warning("Failed to resolve 'adm' group: %s", strerror(-r)); + log_warning("Failed to resolve '%s' group: %s", g, strerror(-r)); /* if we couldn't read the gid, then it will be 0, but that's * fine and we shouldn't try to resolve the group again, so @@ -515,8 +515,8 @@ static void dispatch_message_real( sd_id128_t id; int r; char *t; - uid_t loginuid = 0, realuid = 0, owner = 0, journal_uid; - bool loginuid_valid = false, owner_valid = false; + uid_t realuid = 0, owner = 0, journal_uid; + bool owner_valid = false; assert(s); assert(iovec); @@ -525,6 +525,7 @@ static void dispatch_message_real( if (ucred) { uint32_t audit; + uid_t loginuid; realuid = ucred->uid; @@ -570,11 +571,9 @@ static void dispatch_message_real( IOVEC_SET_STRING(iovec[n++], audit_session); r = audit_loginuid_from_pid(ucred->pid, &loginuid); - if (r >= 0) { - loginuid_valid = true; + if (r >= 0) if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0) IOVEC_SET_STRING(iovec[n++], audit_loginuid); - } t = shortened_cgroup_path(ucred->pid); if (t) { @@ -621,9 +620,7 @@ static void dispatch_message_real( if (label) { selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len); if (selinux_context) { - memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1); - memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len); - selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0; + *((char*) mempcpy(stpcpy(selinux_context, "_SELINUX_CONTEXT="), label, label_len)) = 0; IOVEC_SET_STRING(iovec[n++], selinux_context); } } else { @@ -633,7 +630,6 @@ static void dispatch_message_real( selinux_context = strappend("_SELINUX_CONTEXT=", con); if (selinux_context) IOVEC_SET_STRING(iovec[n++], selinux_context); - freecon(con); } } @@ -670,11 +666,16 @@ static void dispatch_message_real( assert(n <= m); if (s->split_mode == SPLIT_UID && realuid > 0) + /* Split up strictly by any UID */ journal_uid = realuid; - else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0) + else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0) + /* Split up by login UIDs, this avoids creation of + * individual journals for system UIDs. We do this + * only if the realuid is not root, in order not to + * accidentally leak privileged information to the + * user that is logged by a privileged process that is + * part of an unprivileged session.*/ journal_uid = owner; - else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0) - journal_uid = loginuid; else journal_uid = 0;