From 52b7072c2c821fcf7d132967a03a2086d4621069 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 18 May 2015 09:34:57 +0200
Subject: [PATCH] ccpp: include the system logs only with root's coredumps
Search for suspicious lines in 'journalctl' only if uid == 0. A problem
of the type CCpp can be created only by root so no user can trick abrt
to run 'post-create' on a malicious problem directory with uid == 0.
Related: rhbz#1212868
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/plugins/ccpp_event.conf | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf
index 15bb18c..809c3b7 100644
--- a/src/plugins/ccpp_event.conf
+++ b/src/plugins/ccpp_event.conf
@@ -33,14 +33,22 @@ EVENT=post-create analyzer=CCpp
journalctl --system -n1 >/dev/null
if [ $? -ne 0 ];
then
+ # Remove the exit below if you don't mind sharing data from the
+ # system logs with unprivileged users -> bugzilla.redhat.com/1212868
+ exit 0
# It's not an error if /var/log/messages isn't readable:
test -f /var/log/messages || exit 0
test -r /var/log/messages || exit 0
log=`grep -F -e "$base_executable" /var/log/messages | tail -99`
else
uid=`cat uid` &&
+ (
+ # Remove the line below if you don't mind sharing data from the
+ # system logs with unprivileged users -> bugzilla.redhat.com/1212868
+ [ "$uid" -ne 0 ] && exit 0
log="[System Logs]:\n" &&
- log=$log`journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"` &&
+ log=$log`journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"`
+ ) &&
log=$log"\n[User Logs]:\n" &&
log=$log`journalctl -b --since=-3m -n 99 _COMM="$base_executable" _UID="$uid"` &&
log=`echo -e "$log"`
--
2.1.0