I have a logging application and a shared library that writes to this application via a Unix socket.
I want to give the dynamic library exclusive write access to the logging application.
I could restrict write access to the socket to specific users/groups, but applications that use my dynamic library could be started without any specific permissions.
If you want more specifics: my dynamic library is a PAM module. The application that has no extra permissions is mate-screensaver. Mate-screensaver is started by the locked user without euid or egid set.
I figured out that I could add a challenge request to my logger application, which the dynamic library should pass. The logger application will send a nonce to the client, and the client should write back the correct HMAC of it.
But I think this solution is a nasty workaround. The secret-generation algorithm is embedded in the binary and could potentially be discovered.
Are there any general approaches to resolving this problem?
UPD:
I checked standard syslog. I can write to /var/log/secure as an unprivileged user:
    #include <syslog.h>

    int main(void) {
        /* The caller chooses both the ident ("sudo") and the facility. */
        openlog("sudo", 0, LOG_AUTHPRIV);
        syslog(LOG_ERR, "pam_unix(sudo:auth) authentication failure; logname=...");
        closelog();
        return 0;
    }
So after that I am starting to think that the problem I am trying to solve is a made-up problem.
I'm trying to prevent someone from writing fake info about another user logging in.
Suppose you managed to restrict writing to a socket to only your library.so (no such mechanism exists, but suppose it did).
Somewhere in your library you must have a write(sock, "whatever data ...", ) call that actually logs the data.
If I can run a program using your library under a debugger, then I can stop that program just before that write call, change the data it was about to write to whatever I want, and continue the program.
End result: your "just my library" protection is worthless, and I can write any data I want to the socket.
> I am starting to think that the problem I am trying to solve is a made-up problem

Well, even if your problem is not made up, the solution you proposed doesn't achieve the desired result.