Changeset 2093 for trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl

Timestamp:

Dec 17, 2011, 12:00:18 AM (12 years ago)

Author:

geofft

Message:

d_zroot: Don't accidentally let @recipients be empty

d_zroot.pl fails to notice when the .k5login is nonexistent/empty, and
when it runs ("zwrite", "-c", "scripts-spew", @k5login), it ends up
giving zwrite no recipients, which causes the message to go to
<scripts-spew,*,*>. This has the potential to leak sensitive logs on a
misconfigured server.

Fix this by redacting messages and also warning at startup if the
.k5login is empty.

File:

• trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) (3 diffs)

trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl

@@ -17 +17 @@
 @USERS{@USERS} = undef;
 
-sub zwrite($;$$@) {
-    my ($message, $class, $instance, @recipients) = @_;
+sub zwrite($;$$\@) {
+    my ($message, $class, $instance, $recipref) = @_;
+    my @recipients = ();
+    if (defined($recipref)) {
+        if (@$recipref) {
+            @recipients = @$recipref;
+        } else {
+            $message = '@b(Empty recipient list specified, message redacted)';
+        }
+    }
     $class ||= $ZCLASS;
     $instance ||= 'root.'.hostname;
@@ -24 +32 @@
     print ZWRITE $message;
     close(ZWRITE);
+}
+
+unless (@RECIPIENTS) {
+    zwrite('@b(No .k5login found, sensitive logs will not be zephyred)', $ZCLASS);
 }
 
@@ -126 +138 @@
 
     foreach my $class (keys %toclass) {
-        if ($class eq "scripts-auto") {
+        if ($class eq $ZCLASS) {
             zwrite($toclass{$class}, $class);
         } else {