shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
Code

journalctl: expunge verification key from argv (#5081)

Browse Source 
After parsing the --verify-key argument, overwrite it with null bytes.
This minimizes (but does not completely eliminate) the time frame within
which another process on the system can extract the verification key
from the journalctl command line.
This commit is contained in:
Lucas Werkmeister 2017-01-15 05:03:00 +01:00 committed by Zbigniew Jędrzejewski-Szmek
parent 6b3d378331
commit 6bae9b2abb
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/journal/journalctl.c
View File

@ -103,7 +103,7 @@ static const char *arg_directory = NULL;
static char **arg_file = NULL; static char **arg_file = NULL;
static bool arg_file_stdin = false; static bool arg_file_stdin = false;
static int arg_priorities = 0xFF; static int arg_priorities = 0xFF;
static const char *arg_verify_key = NULL; static char *arg_verify_key = NULL;
#ifdef HAVE_GCRYPT #ifdef HAVE_GCRYPT
static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC; static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
static bool arg_force = false; static bool arg_force = false;
@ -683,8 +683,11 @@ static int parse_argv(int argc, char *argv[]) {
case ARG_VERIFY_KEY: case ARG_VERIFY_KEY:
arg_action = ACTION_VERIFY; arg_action = ACTION_VERIFY;
arg_verify_key = optarg; arg_verify_key = strdup(optarg);
if (!arg_verify_key)
return -ENOMEM;
arg_merge = false; arg_merge = false;
string_erase(optarg);
break; break;
case ARG_INTERVAL: case ARG_INTERVAL:
@ -2621,6 +2624,7 @@ finish:
strv_free(arg_user_units); strv_free(arg_user_units);
free(arg_root); free(arg_root);
free(arg_verify_key);
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
} }