
On Thu, Sep 27, 2012 at 9:19 PM, Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net> wrote:
"Inspired by git, in the journal all entries are cryptographically hashed along with the hash of the previous entry in the file."
That's quite easy to forge. Just recompute all hashes. A modern computer can do that in a few seconds for a hundred-MB file. A lot easier if the entry I want to forge is the last one.
Write a tool to recompute the hashes, submit a talk about it to 29C3 <http://events.ccc.de/2012/08/03/call-for-participation-for-29th-chaos-communication-congress/> and watch the systemd fans go mad. Should be fun.
Ok.

git clone http://cgit.freedesktop.org/systemd/systemd/src/journal

Go to journal-verify.c line 83, change "if (h1 != h2) return -EBADMSG" into "if (h1 != h2) o->data.hash = htole64(h2);"

Build. Enjoy.

Best of all, since the file is mmapped, the change is immediately visible to journald. Cool huh?

It probably needs a little more rock'n'roll to sync up the tool's fsprg_state with journald's; that can be done with /proc/pid/mem.

Can I submit now?
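
Added example (not part of the original message and not systemd code): a simplified Python model of the difference the thread turns on, an unkeyed hash chain versus a chain sealed with an evolving key whose starting value a verifier keeps off the logging host. The entry strings, the key and the evolve() function are assumptions made up for this sketch; journald's file format and its FSPRG are not reproduced.

```python
import hashlib
import hmac

ZERO = b"\0" * 32
# Constructed sample entries, not real journal data.
ENTRIES = [b"sshd: accepted key for admin", b"sudo: admin ran /bin/sh", b"cron: job done"]

def chain(entries):
    """Unkeyed chain: each hash covers the entry plus the previous hash."""
    out, prev = [], ZERO
    for e in entries:
        prev = hashlib.sha256(prev + e).digest()
        out.append((e, prev))
    return out

def verify_chain(log):
    """Internal consistency only; no secret is involved."""
    return log == chain([e for e, _ in log])

def evolve(key):
    """One-way key update: the old key cannot be derived from the new one."""
    return hashlib.sha256(b"evolve" + key).digest()

def seal(entries, key, prev=ZERO):
    """Keyed chain: tag each entry, then evolve the key and drop the old one."""
    out = []
    for e in entries:
        prev = hmac.new(key, prev + e, hashlib.sha256).digest()
        out.append((e, prev))
        key = evolve(key)
    return out, key

def verify_sealed(log, start_key):
    """Verifier holds start_key off-host. Returns first bad index, or None."""
    key, prev = start_key, ZERO
    for i, (e, tag) in enumerate(log):
        if not hmac.compare_digest(hmac.new(key, prev + e, hashlib.sha256).digest(), tag):
            return i
        key, prev = evolve(key), tag
    return None

def demo():
    start_key = hashlib.sha256(b"constructed off-host key").digest()
    sealed, host_key = seal(ENTRIES, start_key)   # host keeps only host_key
    edited = [ENTRIES[0], b"sudo: nothing to see", ENTRIES[2]]
    rehashed_ok = verify_chain(chain(edited))     # recomputed hashes verify
    resealed = sealed[:1] + seal(edited[1:], host_key, prev=sealed[0][1])[0]
    appended = sealed + seal([b"late entry"], host_key, prev=sealed[-1][1])[0]
    return (rehashed_ok, verify_sealed(sealed, start_key),
            verify_sealed(resealed, start_key), verify_sealed(appended, start_key))
```

demo() returns (True, None, 1, None): the rehashed unkeyed chain verifies, the edited sealed log fails at entry 1, and an entry sealed with the key state still held on the host verifies. The keyed seal therefore only vouches for entries written before that state was exposed.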