diff options
author | Lennart Poettering <lennart@poettering.net> | 2013-03-05 14:27:34 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2013-03-05 14:27:34 +0100 |
commit | 40adcda869bda55f44b57fd3a2bd71d006dfb51b (patch) | |
tree | 1b36592bacd77de1efc79292c7ace9d66ca529cf /src/journal | |
parent | 8a0889dfdafa3054c894e54852d8a9e3a7e8390b (diff) |
journald: be a bit more careful when spitting up journals by user id
Diffstat (limited to 'src/journal')
-rw-r--r-- | src/journal/journald-server.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index dcfdeaf68e..b46a2f63b3 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -670,10 +670,19 @@ static void dispatch_message_real( assert(n <= m); if (s->split_mode == SPLIT_UID && realuid > 0) + /* Split up strictly by any UID */ journal_uid = realuid; - else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0) + else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0 && realuid > 0) + /* Split up by login UIDs, this avoids creation of + * individual journals for system UIDs. We do this + * only if the realuid is not root, in order not to + * accidentally leak privileged information logged by + * a privileged process that is part of an + * unprivileged session to the user. */ journal_uid = owner; - else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0) + else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0 && realuid > 0) + /* Hmm, let's try via the audit uids, as fallback, + * just in case */ journal_uid = loginuid; else journal_uid = 0; |