rpms / abrt

Clone
Source Code
GIT

Blame 0105-ccpp-include-the-system-logs-only-with-root-s-coredu.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-sig-altarch-debrand c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 master
  1.   fa1950198b4cd7ea9c3c04c4d0abcde7a69ff912
  2.   0105-ccpp-include-the-system-logs-only-with-root-s-coredu.patch
Blob History Raw
Matej Habrnal fa1950 
From 52b7072c2c821fcf7d132967a03a2086d4621069 Mon Sep 17 00:00:00 2001
Matej Habrnal fa1950 
From: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950 
Date: Mon, 18 May 2015 09:34:57 +0200
Matej Habrnal fa1950 
Subject: [PATCH] ccpp: include the system logs only with root's coredumps
Matej Habrnal fa1950
Matej Habrnal fa1950 
Search for suspicious lines in 'journalctl' only if uid == 0.  A problem
Matej Habrnal fa1950 
of the type CCpp can be created only by root so no user can trick abrt
Matej Habrnal fa1950 
to run 'post-create' on a malicious problem directory with uid == 0.
Matej Habrnal fa1950
Matej Habrnal fa1950 
Related: rhbz#1212868
Matej Habrnal fa1950
Matej Habrnal fa1950 
Signed-off-by: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950 
---
Matej Habrnal fa1950 
 src/plugins/ccpp_event.conf | 10 +++++++++-
Matej Habrnal fa1950 
 1 file changed, 9 insertions(+), 1 deletion(-)
Matej Habrnal fa1950
Matej Habrnal fa1950 
diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf
Matej Habrnal fa1950 
index 15bb18c..809c3b7 100644
Matej Habrnal fa1950 
--- a/src/plugins/ccpp_event.conf
Matej Habrnal fa1950 
+++ b/src/plugins/ccpp_event.conf
Matej Habrnal fa1950 
@@ -33,14 +33,22 @@ EVENT=post-create analyzer=CCpp
Matej Habrnal fa1950 
             journalctl --system -n1 >/dev/null
Matej Habrnal fa1950 
             if [ $? -ne 0 ];
Matej Habrnal fa1950 
             then
Matej Habrnal fa1950 
+                # Remove the exit below if you don't mind sharing data from the
Matej Habrnal fa1950 
+                # system logs with unprivileged users -> bugzilla.redhat.com/1212868
Matej Habrnal fa1950 
+                exit 0
Matej Habrnal fa1950 
                 # It's not an error if /var/log/messages isn't readable:
Matej Habrnal fa1950 
                 test -f /var/log/messages || exit 0
Matej Habrnal fa1950 
                 test -r /var/log/messages || exit 0
Matej Habrnal fa1950 
                 log=`grep -F -e "$base_executable" /var/log/messages | tail -99`
Matej Habrnal fa1950 
             else
Matej Habrnal fa1950 
                 uid=`cat uid` &&
Matej Habrnal fa1950 
+                (
Matej Habrnal fa1950 
+                # Remove the line below if you don't mind sharing data from the
Matej Habrnal fa1950 
+                # system logs with unprivileged users -> bugzilla.redhat.com/1212868
Matej Habrnal fa1950 
+                [ "$uid" -ne 0 ] && exit 0
Matej Habrnal fa1950 
                 log="[System Logs]:\n" &&
Matej Habrnal fa1950 
-                log=$log`journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"` &&
Matej Habrnal fa1950 
+                log=$log`journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"`
Matej Habrnal fa1950 
+                ) &&
Matej Habrnal fa1950 
                 log=$log"\n[User Logs]:\n" &&
Matej Habrnal fa1950 
                 log=$log`journalctl -b --since=-3m -n 99 _COMM="$base_executable" _UID="$uid"` &&
Matej Habrnal fa1950 
                 log=`echo -e "$log"`
Matej Habrnal fa1950 
--
Matej Habrnal fa1950 
2.1.0
Matej Habrnal fa1950

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation