On Sat, Feb 12, 2011 at 9:49 PM, Philip Guenther <guent...@gmail.com> wrote:
> On Sat, Feb 12, 2011 at 10:56 AM, Otto Moerbeek <o...@drijf.net> wrote:
>>> On Sat, Feb 12, 2011 at 9:49 AM, Eric <airu...@gmail.com> wrote:
>>>> I'm making some modifications to syslogd/syslog so that I can control
>>>> access to log sockets and have a set of high integrity log files that
>>>> didn't receive logs from world-writable log sockets. Briefly, this means:
> ...
>> Yes, originally permissions on sockets were not enforced. But creating
>> a socket and setting permissions on it is still subject to race
>> conditions. So in practice you'll need dirs.
>
> ...and directories solve the group ownership too: a new UNIX domain
> socket will inherit the group of the directory it's created in. So
> syslogd doesn't need any special code for handling the creation of the
> socket, you just need the code to filter based on source socket and
> the code to have syslog() go to an alternate socket.
>
> Regarding the latter: if you're intending that this should affect all
> programs without any changes to the programs themselves, then this will
> require much care and verification that it doesn't bloat everything.
> Consider that *every* C program on OpenBSD pulls in syslog_r() to
> support the stack-protector check code. If that starts pulling the
> NIS code for getgrgid() to do the gid -> name mapping to find the
> syslog socket, then many binaries will grow. That code would _have_
> to be excluded from the libc used in ramdisk builds!
>
>
> Philip Guenther
>
I can only think of two ways to avoid having NIS linked into everything:

- Only use the modified syslog functions through LD_PRELOAD
- Make openlog/syslog/closelog system calls (this would also allow us to
  ensure the accuracy of the pid and program name strings, and we could
  filter by program name in syslogd).
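Added example, not code from this thread or from OpenBSD's syslogd, of the directory-based approach Otto and Philip describe: the log socket is bound inside a directory whose mode decides who can reach it, so there is no window between creating the socket and fixing its permissions. Inheriting the directory's group is BSD behaviour; on Linux it needs the setgid bit on the directory, so the check here only verifies that "other" has no access to the directory. The function names, the mkdtemp-based temporary directory and the 0750 mode are this example's own assumptions.

```c
#define _XOPEN_SOURCE 700
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Bind a datagram UNIX socket named 'name' inside 'dir'. Access control
 * lives on the directory: it is created (or re-chmod'ed) with dir_mode
 * before the socket exists, so the socket is never reachable by anyone
 * the directory mode excludes. Returns the socket fd or -1 (errno set). */
int create_log_socket(const char *dir, const char *name, mode_t dir_mode)
{
    struct sockaddr_un sun;
    struct stat st;
    int fd;

    if (mkdir(dir, dir_mode) == -1 && errno != EEXIST)
        return -1;
    /* mkdir honours the umask; force the intended mode explicitly. */
    if (chmod(dir, dir_mode) == -1)
        return -1;
    if (stat(dir, &st) == -1 || !S_ISDIR(st.st_mode)) {
        errno = ENOTDIR;
        return -1;
    }

    memset(&sun, 0, sizeof(sun));
    sun.sun_family = AF_UNIX;
    if (snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/%s", dir, name)
        >= (int)sizeof(sun.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    (void)unlink(sun.sun_path); /* remove a stale socket from an earlier run */

    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd == -1)
        return -1;
    if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Return 1 if 'path' is a directory with no permission bits for "other",
 * i.e. world users cannot traverse it to reach a socket inside. */
int dir_denies_other(const char *path)
{
    struct stat st;

    if (stat(path, &st) == -1 || !S_ISDIR(st.st_mode))
        return 0;
    return (st.st_mode & S_IRWXO) == 0;
}

/* Self-contained demonstration: make a private directory under /tmp,
 * bind a socket in it with mode 0750 and verify "other" is locked out.
 * Returns 1 on success, 0 on any failure. Cleans up after itself. */
int demo_restricted_log_socket(void)
{
    char dir[] = "/tmp/logsock-example-XXXXXX"; /* constructed path */
    char sockpath[sizeof(dir) + 8];
    int fd, ok;

    if (mkdtemp(dir) == NULL)
        return 0;
    fd = create_log_socket(dir, "log", 0750);
    ok = (fd >= 0) && dir_denies_other(dir);
    if (fd >= 0)
        close(fd);
    snprintf(sockpath, sizeof(sockpath), "%s/log", dir);
    (void)unlink(sockpath);
    (void)rmdir(dir);
    return ok;
}

int main(void)
{
    if (!demo_restricted_log_socket()) {
        perror("restricted log socket");
        return 1;
    }
    puts("log socket created inside a directory that denies 'other'");
    return 0;
}
```

A syslogd following this pattern would create one such directory per trust level (with the group set on the directory) and decide how much to trust a message by which socket it arrived on, which is the "filter based on source socket" part of Philip's reply.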