journalctl: verify sealed log epochs are continuous
author Felix Dörre <felix.doerre@kit.edu>
Fri, 18 Aug 2023 08:00:40 +0000 (10:00 +0200)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 8 Nov 2023 20:13:27 +0000 (05:13 +0900)
commit e375bc5fcc080815ce849261eb505d084c2fde3e
tree 064fd93acd69a22b5171ecb344b097b15f61f18a
parent 3e433afac9566e5a7699ee1b7b9a0d34f04da744
journalctl: verify sealed log epochs are continuous

Currently empty epochs are not sealed. This allows an attacker to truncate
a sealed log and continue it without any problems showing when verifying the
log.

This partially addresses CVE-2023-31438. One way to extend this change to
address CVE-2023-31438 completely would be to verify that there is exactly
one seal per epoch (and not sealing when the epoch has not ended yet).

The change also adds a journal-file flag: HEADER_COMPATIBLE_SEALED_CONTINUOUS.
This flag indicates that a journal file is sealed continuously and decides whether
any missing crypto epochs should trigger a warning or an error.

src/journal/journald-server.c
src/libsystemd/sd-journal/journal-authenticate.c
src/libsystemd/sd-journal/journal-def.h
src/libsystemd/sd-journal/journal-file.c
src/libsystemd/sd-journal/journal-file.h
src/libsystemd/sd-journal/journal-verify.c
src/shared/journal-file-util.c
src/shared/journal-file-util.h