From 99add6fd0b8f4307ed79256e25f38da318e795c4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 22 Aug 2012 04:45:17 +0200 Subject: [PATCH] journalctl: complain if unprivileged users attempt to access the journal and persistant logging is off --- TODO | 10 +--------- src/journal/journalctl.c | 14 +++++++++++++- src/journal/journald.c | 10 ++++++---- 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/TODO b/TODO index 28141ec68..ee90aee73 100644 --- a/TODO +++ b/TODO @@ -61,14 +61,10 @@ Features: * testing tool for socket activation: some binary that listens on a socket and passes it on using the usual socket activation protocol to some server. -* journald: add symlinks and device names to kernel messages - * maybe make systemd-detect-virt suid? or use fscaps? * consider using __secure_getenv() instead of getenv() in libs -* journald: automatic rekeying with no log messages doesn't appear to work - * man: document in ExecStart= explicitly that we don't take shell command lines, only executable names with arguments * shutdown: don't read-only mount anything when running in container @@ -135,14 +131,10 @@ Features: * switch-root: sockets need relabelling -* segfault in journalctl during /var migration - * systemd-analyze post-boot is broken for initrd * man: clarify that time-sync.target is not only sysv compat but also useful otherwise. Same for similar targets -* journalctl should complain if run with uid != 0 and no persistent logs exist - * .device aliases need to be implemented with the "following" logic, probably. * refuse taking lower-case variable names in sd_journal_send() and friends. @@ -188,7 +180,7 @@ Features: * systemctl: when stopping a service which has triggres and warning about it actually check the TriggeredBy= deps fields -* journal: hook up with EFI firmware log, new kmsg logic +* journal: hook up with EFI firmware log * handle C-A-Del in logind, like the power/suspend buttons? 
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index bee26fd76..6aff1f1ba 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -747,8 +747,20 @@ int main(int argc, char *argv[]) {
 }
 #ifdef HAVE_ACL
+ if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
+ r = -EACCES;
+ goto finish;
+ }
+
 if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
- log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this message off.");
+ log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
+#else
+ if (geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("No access to messages. Only users in the group 'adm' can see messages.");
+ r = -EACCES;
+ goto finish;
+ }
 #endif
 r = add_this_boot(j);
diff --git a/src/journal/journald.c b/src/journal/journald.c
index 476d682fd..a1deceabd 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -360,7 +360,8 @@ static void server_vacuum(Server *s) {
 sd_id128_to_string(machine, ids);
 if (s->system_journal) {
- if (asprintf(&p, "/var/log/journal/%s", ids) < 0) {
+ p = strappend("/var/log/journal/", ids);
+ if (!p) {
 log_oom();
 return;
 }
@@ -372,7 +373,8 @@ static void server_vacuum(Server *s) {
 }
 if (s->runtime_journal) {
- if (asprintf(&p, "/run/log/journal/%s", ids) < 0) {
+ p = strappend("/run/log/journal/", ids);
+ if (!p) {
 log_oom();
 return;
 }
@@ -1394,7 +1396,7 @@ static int server_init(Server *s) {
 return 0;
 }
-static void maybe_append_tags(Server *s) {
+static void server_maybe_append_tags(Server *s) {
 #ifdef HAVE_GCRYPT
 JournalFile *f;
 Iterator i;
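Review bot: The added `access("/var/log/journal", F_OK) < 0` test in the HAVE_ACL branch treats every failure as "persistent storage is off", so a permission or symlink-loop error on the path prints the same message as a missing directory; testing `errno == ENOENT` and reporting other errors separately would keep the diagnosis accurate. access() also evaluates with the real UID/GID while the neighbouring conditions use geteuid(), which matters only if the process ever runs with differing real and effective IDs. Since this block looks like a usability hint rather than the enforcement point, a comment such as `/* Advisory only: access is presumably enforced by the journal files' modes and ACLs */` would help readers. in_group("adm") is also evaluated twice on the HAVE_ACL path and could be cached in a local. main() starts and ends outside this hunk.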
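Review bot: The hunks at -360 and -372 in server_vacuum() now repeat the same `strappend()` / `if (!p)` / `log_oom()` sequence with only the directory prefix differing; a small static helper that takes the prefix would keep the system and runtime vacuum paths from drifting apart. Because the vacuum target is assembled from `ids`, a one-line comment stating that `ids` is the machine ID formatted by `sd_id128_to_string()` would document why the path has a fixed form. Whether `p` is released after use cannot be seen here, as server_vacuum() continues outside both hunks.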
@@ -1539,7 +1541,7 @@ int main(int argc, char *argv[]) {
 break;
 }
- maybe_append_tags(&server);
+ server_maybe_append_tags(&server);
 }
 log_debug("systemd-journald stopped as pid %lu", (unsigned long) getpid());
--
2.30.2