Bug 11930 - [PATCH] use SCM_CREDENTIALS in syslog()
Status: RESOLVED INVALID
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: unspecified
Importance: P2 enhancement
Target Milestone: ---
Assignee: Ulrich Drepper
Reported: 2010-08-20 02:44 UTC by Lennart Poettering
Modified: 2014-06-30 08:14 UTC
fweimer: security-


Attachments
the patch (1.03 KB, patch)
2010-08-20 02:46 UTC, Lennart Poettering

Description Lennart Poettering 2010-08-20 02:44:35 UTC
The attached patch enables SCM_CREDENTIALS for all log messages written. This
has multiple benefits, most importantly: while previously log messages could not
be authenticated, this now provides a reliable way for at least local log
messages to be made trustworthy, so that messages from privileged users can be
securely distinguished from messages from unprivileged users. In addition, this
allows logging daemons to insert PID fields in log messages even if LOG_PID was
not set on the client side.

This patch should be compatible with existing syslogd implementations since the
server side has to explicitly enable reception of SCM_CREDENTIALS with
SO_PASSCRED. As long as they don't, the data will silently be dropped by the
kernel and syslogd implementations should see no difference at all from the
traditional behaviour.
Comment 1 Lennart Poettering 2010-08-20 02:46:29 UTC
Created attachment 4942
the patch
Comment 2 Lennart Poettering 2010-08-21 01:31:47 UTC
Never mind, the kernel attaches SCM_CREDENTIALS to every AF_UNIX packet anyway
as it seems. This patch is hence redundant.