~martijnbraam/public-inbox

1

[logbookd] Record user id that writes logs

Details
Message ID
<2563e77d-16a5-474c-82d9-eb413cf248d9@app.fastmail.com>
DKIM signature
pass
Download raw message
Hi Martijn,

When a user pipes syslog data into /dev/log, this ends up in the logs
with the user facility, but there's no way to determine _which_ user
logged a given line.

From what I can tell, logbookd can determine the user on the other
side of a socket connection using getsockopt(2) with SO_PEERCRED.

There is currently no "correct" place to save the user id into the
sqlite database. Is adding a `uid TEXT NULL` column an acceptable
approach for this?

Cheers,

-- 
Hugo
Details
Message ID
<ca0d4d60-1364-4b6c-a84a-1c527a96dd2b@app.fastmail.com>
In-Reply-To
<2563e77d-16a5-474c-82d9-eb413cf248d9@app.fastmail.com> (view parent)
DKIM signature
pass
Download raw message
On Mon, 6 May 2024, at 11:49, Hugo Osvaldo Barrera wrote:
> When a user pipes syslog data into /dev/log, this ends up in the logs
> with the user facility, but there's no way to determine _which_ user
> logged a given line.
>
> From what I can tell, logbookd can determine the user on the other
> side of a socket connection using getsockopt(2) with SO_PEERCRED.
>

I tried to implement this and realised that you can't use getsockopt
on a socket of SOCK_DGRAM; there's no connection in this case.

I don't think that asserting the uid of the logging process if 
feasible.

-- 
Hugo
Reply to thread Export thread (mbox)