oss-sec mailing list archives

CVE Request: systemd / journald created world readable journal files

From: Marcus Meissner <meissner () suse de>
Date: Fri, 8 Apr 2016 11:28:55 +0200

Hi,

systemd-journald from systemd v213 started creating world readable journals, allowing
local users to read sensitive system log entries.

While spotted by our users in
https://bugzilla.suse.com/show_bug.cgi?id=972612
the problem was present and fixed in upstream systemd git...

Introduced by this commit in v213:
https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c

Fixed for volatile journals was done by this commit in v214:
https://github.com/systemd/systemd/commit/176f2acf8dee45fee832fd2ab07243f63783a238

Fixed for the current persistent journal by this commit in v229:
https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f

Ciao, Marcus

Current thread:

CVE Request: systemd / journald created world readable journal files Marcus Meissner (Apr 09)
- <Possible follow-ups>
- Re: CVE Request: systemd / journald created world readable journal files cve-assign (Apr 09)