journald: be a bit more careful when spitting up journals by user id
author
Lennart Poettering
<lennart@poettering.net>
Tue, 5 Mar 2013 13:27:34 +0000
(14:27 +0100)
committer
Lennart Poettering
<lennart@poettering.net>
Tue, 5 Mar 2013 13:27:34 +0000
(14:27 +0100)
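--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -670,10 +670,19 @@ static void dispatch_message_real(
 assert(n <= m);
 if (s->split_mode == SPLIT_UID && realuid > 0)
+/* Split up strictly by any UID */
 journal_uid = realuid;
-else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0)
+else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0 && realuid > 0)
+/* Split up by login UIDs, this avoids creation of
+ * individual journals for system UIDs. We do this
+ * only if the realuid is not root, in order not to
+ * accidentally leak privileged information logged by
+ * a privileged process that is part of an
+ * unprivileged session to the user. */
 journal_uid = owner;
-else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0)
+else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0 && realuid > 0)
+/* Hmm, let's try via the audit uids, as fallback,
+ * just in case */
 journal_uid = loginuid;
 else
 journal_uid = 0;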
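Review bot: The `realuid > 0` test added to both SPLIT_LOGIN branches only excludes root, so a message from a process running under some other non-root UID inside the session is still filed in the session owner's journal. The new comment describes the root case only; if the stricter policy is wanted, the first branch could read `else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0 && realuid == owner)`, and either way the comment should state which senders are deliberately let through. Where `realuid` is assigned lies outside the hunk, so whether it carries the sender's real or effective UID, and what it holds when no credentials arrived, cannot be confirmed from here. Since each branch now has a comment between the condition and its single statement, braces around the bodies would also make the chain safer to edit.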