IITGN-CS431 / project-cns


Functionality/Security Issue (Group 10): Logread Accepting Multiple Log Files with Identical Secrets - Possible Key Leakage #149

Open aditya-me13 opened 2 hours ago

aditya-me13 commented 2 hours ago

The logread command runs without errors for two log files at once if the log files share the same secret.

In the first three commands below, notice that the log files log1 and log2 have the same secret, allowing the logread command in the third instance to execute successfully. Ideally, it should only accept one log file to read at a time.

However, an error occurs if two log files specified in the logread command have different secrets. In this case, log3 and log4 have secrets secret3 and secret4, respectively. Therefore, command 6 throws an error when attempting to read both files simultaneously.

Screenshot 2024-10-28 at 3 09 51 AM

This appears to be a functionality issue; however, the ability to access two log files at once could lead to security vulnerabilities. Since I have access to all the log files (I can see their names but not their contents; refer to the image below)

Screenshot 2024-10-28 at 3 24 35 AM

I could theoretically perform a brute force attack to check if the password of my log file matches anyone else's. While this may seem impractical on a smaller scale, the potential for collisions (where two log files share the same secret) increases significantly with larger datasets.

I am still uncertain whether this constitutes a security issue or merely a functionality issue. @bichhawat sir, could you please clarify this?

aditya-me13 commented 2 hours ago

This is actually true for logappend as well. Here, the log file log5 had not been created before. However, the command shown below led to an update of log4 and the creation of a new log file, log5, with the same secret, without throwing any error.

Screenshot 2024-10-28 at 3 29 33 AM
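
An added example, not part of the issue or the project's code: one way to reject an invocation that names more than one log file before any file is opened or any secret is checked, so the outcome never depends on whether two logs share a secret. The `-K <secret>` option, the positional log path, and the names `parse_invocation`, `check` and `UsageError` are assumptions for illustration; only the `-K` option and log operands are modelled.

```python
class UsageError(Exception):
    """Invocation rejected before any log file is touched."""


def parse_invocation(argv):
    """Return (secret, log_path) or raise UsageError.

    Assumed syntax (not taken from the issue): -K <secret> <log>
    """
    secret = None
    operands = []
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg == "-K":
            if secret is not None:
                raise UsageError("-K given more than once")
            if i + 1 >= len(argv):
                raise UsageError("-K needs a value")
            secret = argv[i + 1]
            i += 2
        elif arg.startswith("-"):
            raise UsageError(f"unknown option {arg}")
        else:
            operands.append(arg)
            i += 1
    if secret is None:
        raise UsageError("missing -K")
    # Count operands here, before opening or authenticating anything:
    # the rejection is identical whether or not the logs share a secret.
    if len(operands) != 1:
        raise UsageError(f"expected exactly one log file, got {len(operands)}")
    return secret, operands[0]


def check(argv):
    """Return 'ok' or the rejection reason."""
    try:
        parse_invocation(argv)
        return "ok"
    except UsageError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    # Constructed invocations mirroring the cases in the report.
    for argv in (["-K", "secret1", "log1"],
                 ["-K", "secret1", "log1", "log2"],
                 ["-K", "secret4", "log4", "log5"]):
        print(argv, "->", check(argv))
```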