If DNS lookup for a remote loghost configured in syslog.conf did
not work at startup, the entry was ignored. Better retry the lookup
in intervals until it succeeds. Improve debug output to print IP
address after resolution. Unify retry code that resolves DNS for
UDP and connects to TCP server.
testing and feedback from Paul de Weerd; OK deraadt@
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
did not work anymore. unveil(2) prevented removal. Cleaning the
UNIX domain sockets is not necessary. They are harmless and unlinked
before a new bind. So delete that functionality and convert global
to local variables. Providing /var/run/syslog.pid is a common
feature that should be kept. A stale pid file is confusing. So
add a constant path to unveil(2) to allow pid file removal.
OK deraadt@
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running
piped commands, and the syslogd binary "x" itself for HUP re-exec upon
config loads with changes. Also unveiled in the privsep process are
the specific log files being written to.
If a config file reload changes no files, the existing privsep process
keeps running with unveil's to the relevant files (therefore it can
cope with newsyslogd taking files away). If a new config file is loaded
which changes the output files, the privsep process is restarted with
fork+exec, and installs new unveils as needed. The safety we gain from
unveil is that we've pigeonholed the privsep file-writer to exactly the
files required.
Help from bluhm for some edge cases.
reloading its config. This could happen when multiple signals were
sent during a short interval. So block SIGHUP until signal handlers
are installed.
OK deraadt@ jca@
re-exec itself. This exec is done during startup of the privsep
parent or when syslogd restarts after a SIGHUP. Convert a relative
path in argv[0] to an absolute one with realpath(3) before chdir(2).
Do all the path handling in priv_init().
suggested by millert@; OK jca@
ttymsg.c doesn't need to include fcntl.h.
Tweak standard fd sanitising to be more like the sanitise_stdfd()
used elsewhere, though other uses of 'nullfd' make importing
sanitise_stdfd() itself unappetizing.
Add a die(0) if dup2() fails.
suggestions & ok bluhm@
socket and accepts incoming messages. At the moment, only RFC
6587 3.4.2. Non-Transparent-Framing format with new-line separator
is supported for incoming messages. Outgoing messages are encoded
as 3.4.1. Octet Counting. Autodetection of incoming format will
be implemented later.
OK deraadt@ jmc@ millert@
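
The two RFC 6587 framings named in the commit message above, as an added example that is not syslogd's code: an encoder and decoder for 3.4.1 octet counting and a frame counter for 3.4.2 with LF as the trailer. All function names and the 6-digit length cap are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* 3.4.1 octet counting: "MSG-LEN SP SYSLOG-MSG". Returns bytes written
 * to out, or -1 if out is too small. */
int
encode_octet_counting(const char *msg, size_t len, char *out, size_t outsz)
{
	int n = snprintf(out, outsz, "%zu ", len);

	if (n < 0 || (size_t)n >= outsz || len > outsz - (size_t)n)
		return -1;
	memcpy(out + n, msg, len);
	return n + (int)len;
}

/* Decode one octet-counted frame. Returns the payload length and points
 * *payload at it, or -1 if the frame is malformed or incomplete.
 * The 6-digit cap on MSG-LEN is this example's own limit. */
int
decode_octet_counting(const char *buf, size_t len, const char **payload)
{
	size_t i = 0, n = 0;

	if (len == 0 || buf[0] < '1' || buf[0] > '9')
		return -1;
	while (i < len && i < 6 && buf[i] >= '0' && buf[i] <= '9')
		n = n * 10 + (size_t)(buf[i++] - '0');
	if (i == len || buf[i] != ' ' || len - i - 1 < n)
		return -1;
	*payload = buf + i + 1;
	return (int)n;
}

/* 3.4.2 non-transparent framing with LF as trailer: count the frames a
 * receiver sees in buf. A trailing partial line is not counted; a
 * stream receiver keeps it buffered until the LF arrives. */
int
count_lf_frames(const char *buf, size_t len)
{
	const char *p = buf, *end = buf + len, *nl;
	int frames = 0;

	while (p < end && (nl = memchr(p, '\n', (size_t)(end - p))) != NULL) {
		frames++;
		p = nl + 1;
	}
	return frames;
}
```

A message that contains an embedded LF survives as a single frame under octet counting, while a 3.4.2 receiver sees it as two separate messages, so senders using LF framing have to keep LF out of message bodies.
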
address to receive UDP packets. One advantage over -u and the *
sockets is that you can bind to localhost and divert the packets
with pf. It is also possible to use a non standard port.
OK jung@ jmc@
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
- Name variable path_ctlsock consistently.
- Name function ctlconn_logto() consistently.
- Replace the nested if/else logic in ctlconn_write_handler()
with if/return.
- Call ctlconn_cleanup() only if there is a control connection.
OK doug@
line switches. If the log server is an FQDN, DNS chooses whether
to take the IPv4 or IPv6 route. Allow to prefix the log host with
udp4:// or udp6:// to choose a protocol.
OK henning@
needed for IPv6 addresses. Print full loghost specifier in case
of error or debug. Make string sizes more precise.
input henning@; input and OK deraadt@
that was necessary for gethostbyaddr() because the latter is not
signal safe. Change the return code semantics of priv_getnameinfo()
to match getnameinfo(3).
input and OK jca@
if the target is like "| /path/to/program", syslogd forks and execs program
and sends the selected log messages to program's stdin.
uses a socketpair, grows the receive buffer on the reader side and has the
socket nonblocking on syslog'd side to prevent syslogd blocking.
I'm using that here to feed logsurfer from ports for automated log analysis,
werks beautifully.
lots of input & help mpf, ok mpf djm "no objections" millert
SA_NOCLDSTOP flag for the SIGCHLD handler so the kernel does not
notify us when the child has been stopped, only when it exits.
Fixes a problem where if you suspended the child process the
parent would exit. OK otto@