feat(logger): write logs to /var/log/biopass#111
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b0bb0dc6ff
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| std::filesystem::create_directories(log_path); | ||
|
|
||
| auto logger = spdlog::daily_logger_mt("biopass", log_path + "/biopass.log", 0, 0, false, 30); |
There was a problem hiding this comment.
When the PAM helper runs as root and debug logging is enabled, create_directories and the daily file sink inherit the process umask (commonly 022), so /var/log/biopass/<username> can be 0755 and the daily log 0644. Those logs include biometric-auth details such as face match scores, spoofing decisions, camera/device paths, and enrolled image paths, which makes another local user able to read a user's authentication telemetry; set restrictive directory/file permissions (or a temporary umask/chmod) before opening the sink.
Useful? React with 👍 / 👎.
1 participant
No description provided.