On Thu, 29.10.15 15:20, Olaf Hering (olaf@xxxxxxxxx) wrote:
> On Thu, Oct 29, Karel Zak wrote:
>
> > On Wed, Oct 21, 2015 at 11:37:43AM +0200, Olaf Hering wrote:
> > > On Mon, Oct 12, Olaf Hering wrote:
> > >
> > > > So, its "systemd" who eats the required info.
> > >
> > > In case you miss it:
> > >
> > > ...
> > > We do not allow faking syslog PID fields, for security reasons, it
> > > will always be set to what the kernel passed to journald.
> > >
> > > If this is something to support, then "logger" needs to to be patched so
> > > that it can fake the SCM_CREDENTIALS metadata of the messages sent.
> > > This requires privileges, but is not hard to do. Please file a bug
> > > against util-linux and ask for for this to be added.
> >
> > Implemented, try logger(1) from util-linux git tree, please.
>
> Not sure what the "We" above refers to, but this change from 27a9eb5
> may still not work for me:
>
> + && geteuid() == 0 && kill(ctl->pid, 0) == 0) {
>
> For me its required to run logger as non-root and still get the
> specified number, like it used to do it years ago.
Sorry, but this is something we are unlikely to support in
systemd. Allowing unprivileged processes to fake arbitrary UIDs is
a security problem, and it's really nothing we should provide support
for.
Sorry,
Lennart
--
Lennart Poettering, Red Hat
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
