From 52b7072c2c821fcf7d132967a03a2086d4621069 Mon Sep 17 00:00:00 2001 From: Jakub Filak Date: Mon, 18 May 2015 09:34:57 +0200 Subject: [PATCH] ccpp: include the system logs only with root's coredumps Search for suspicious lines in 'journalctl' only if uid == 0. A problem of the type CCpp can be created only by root so no user can trick abrt to run 'post-create' on a malicious problem directory with uid == 0. Related: rhbz#1212868 Signed-off-by: Jakub Filak --- src/plugins/ccpp_event.conf | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/plugins/ccpp_event.conf b/src/plugins/ccpp_event.conf index 15bb18c..809c3b7 100644 --- a/src/plugins/ccpp_event.conf +++ b/src/plugins/ccpp_event.conf @@ -33,14 +33,22 @@ EVENT=post-create analyzer=CCpp journalctl --system -n1 >/dev/null if [ $? -ne 0 ]; then + # Remove the exit below if you don't mind sharing data from the + # system logs with unprivileged users -> bugzilla.redhat.com/1212868 + exit 0 # It's not an error if /var/log/messages isn't readable: test -f /var/log/messages || exit 0 test -r /var/log/messages || exit 0 log=`grep -F -e "$base_executable" /var/log/messages | tail -99` else uid=`cat uid` && + ( + # Remove the line below if you don't mind sharing data from the + # system logs with unprivileged users -> bugzilla.redhat.com/1212868 + [ "$uid" -ne 0 ] && exit 0 log="[System Logs]:\n" && - log=$log`journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"` && + log=$log`journalctl -b --since=-3m --system -n 99 _COMM="$base_executable"` + ) && log=$log"\n[User Logs]:\n" && log=$log`journalctl -b --since=-3m -n 99 _COMM="$base_executable" _UID="$uid"` && log=`echo -e "$log"` -- 2.1.0