picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Make sure we only show authentic coredump messages

Browse source 
Before we only checked the MESSAGE_ID and COREDUMP_UNIT.
Those are both user-controlled fields.

For COREDUMP_USER_UNIT, relax the rules a bit, and also
allow messages from _UID=0.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2013-06-20 21:48:26 -04:00
parent 968f319679
commit fdcd37df3b
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/shared/logs-show.c
View file

@ -927,8 +927,8 @@ int add_matches_for_unit(sd_journal *j, const char *unit) {
/* Look for coredumps of the service */
(r = sd_journal_add_disjunction(j)) ||
(r = sd_journal_add_match(j,
"MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1", 0)) ||
(r = sd_journal_add_match(j, "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1", 0)) ||
(r = sd_journal_add_match(j, "_UID=0", 0)) ||
(r = sd_journal_add_match(j, m2, 0)) ||
/* Look for messages from PID 1 about this service */
@ -965,7 +965,8 @@ int add_matches_for_user_unit(sd_journal *j, const char *unit, uid_t uid) {
/* Look for coredumps of the service */
(r = sd_journal_add_disjunction(j)) ||
(r = sd_journal_add_match(j, m3, 0)) ||
(r = sd_journal_add_match(j, m4, 0))
(r = sd_journal_add_match(j, m4, 0)) ||
(r = sd_journal_add_match(j, "_UID=0", 0))
);
return r;
}