What are reasonable blockers for making journald the default logger in F19?

Andrew Schultz ajschult at verizon.net
Wed Oct 17 22:20:24 UTC 2012


Simo Sorce wrote:
> All very nice, but the current situation is that this info *is* sent to
> the log.
> So I applaud if you want to go and fix applications, in the meanwhile we
> cannot relax security around that log IMO.

The current situation (from where I'm sitting) is that the private info 
is *not* sent to the log because of the gdm chooser design.  So what 
we have instead is that non-private info is being sent to a 
super-private log and (as Lennart pointed out) that information is less 
accessible to the admins that might be able to use it.

If you are concerned about people not using the chooser or some other 
vector to hit the issue with pam, then fixing pam is a ~1 line patch (if 
people can be convinced that the info shouldn't be logged).  I can't 
imagine too many other applications having this bad behavior (given that 
I never see passwords in the logs anymore).  I don't know what we 
accomplish by protecting AUTHPRIV as a facilitator of applications 
logging things that shouldn't be logged.

-- 
Andrew Schultz
ajs42 at buffalo.edu
http://www.sens.buffalo.edu/~ajs42/

