chiark / gitweb /
Make sure we only show authentic coredump messages
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 21 Jun 2013 01:48:26 +0000 (21:48 -0400)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 21 Jun 2013 03:03:58 +0000 (23:03 -0400)
Before we only checked the MESSAGE_ID and COREDUMP_UNIT.
Those are both user-controlled fields.

For COREDUMP_USER_UNIT, relax the rules a bit, and also
allow messages from _UID=0.

src/shared/logs-show.c

index 89f67f5..7240f33 100644 (file)
@@ -927,8 +927,8 @@ int add_matches_for_unit(sd_journal *j, const char *unit) {
 
             /* Look for coredumps of the service */
             (r = sd_journal_add_disjunction(j)) ||
-            (r = sd_journal_add_match(j,
-                        "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1", 0)) ||
+            (r = sd_journal_add_match(j, "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1", 0)) ||
+            (r = sd_journal_add_match(j, "_UID=0", 0)) ||
             (r = sd_journal_add_match(j, m2, 0)) ||
 
              /* Look for messages from PID 1 about this service */
@@ -965,7 +965,8 @@ int add_matches_for_user_unit(sd_journal *j, const char *unit, uid_t uid) {
                 /* Look for coredumps of the service */
                 (r = sd_journal_add_disjunction(j)) ||
                 (r = sd_journal_add_match(j, m3, 0)) ||
-                (r = sd_journal_add_match(j, m4, 0))
+                (r = sd_journal_add_match(j, m4, 0)) ||
+                (r = sd_journal_add_match(j, "_UID=0", 0))
         );
         return r;
 }