From 52b7072c2c821fcf7d132967a03a2086d4621069 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 18 May 2015 09:34:57 +0200
Subject: [PATCH] ccpp: include the system logs only with root's coredumps
Search for suspicious lines in 'journalctl' only if uid == 0. A problem
of the type CCpp can be created only by root so no user can trick abrt
to run 'post-create' on a malicious problem directory with uid == 0.
Related: rhbz#1212868
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/ccpp_event.conf | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf
index 15bb18c..809c3b7 100644
--- a/src/plugins/ccpp_event.conf
+++ b/src/plugins/ccpp_event.conf
@@ -33,14 +33,22 @@ EVENT=post-create analyzer=CCpp
journalctl --system -n1 >/dev/null
if [ $? -ne 0 ];
then
+ # Remove the exit below if you don't mind sharing data from the
+ # system logs with unprivileged users -> bugzilla.redhat.com/1212868
+ exit 0
# It's not an error if /var/log/messages isn't readable:
test -f /var/log/messages || exit 0
test -r /var/log/messages || exit 0
log=`grep -F -e "$base_executable" /var/log/messages | tail -99`
else
uid=`cat uid` &&
+ (
+ # Remove the line below if you don't mind sharing data from the
+ # system logs with unprivileged users -> bugzilla.redhat.com/1212868
+ [ "$uid" -ne 0 ] && exit 0
log="[System Logs]:\n" &&
- log=$log`journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"` &&
+ log=$log`journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"`
+ ) &&
log=$log"\n[User Logs]:\n" &&
log=$log`journalctl -b --since=-3m -n 99 _COMM="$base_executable" _UID="$uid"` &&
log=`echo -e "$log"`
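Review bot: The system-log block added in the `else` branch runs inside `( ... )`, so both `log=` assignments happen in a subshell and are discarded when it closes; even for uid 0 the `[System Logs]` text never reaches the `log` value built by the lines after `) &&`. This fails closed for the disclosure tracked in rhbz#1212868, but it does not deliver what the subject line promises, and deleting the `[ "$uid" -ne 0 ] && exit 0` line as the new comment invites would change nothing. Keeping the assignment in the current shell fixes it, for example `if [ "$uid" = 0 ]; then log="[System Logs]:\n"$(journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"); fi &&`. The string comparison also fails closed on an empty or non-numeric `uid` file, whereas `-ne` makes `[` return an error status and fall through to the `journalctl --system` call. The enclosing `if` block is closed outside this hunk, so the rest of the script was not checked.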
--
2.1.0