sysklogd

Robert Connolly robert at linuxfromscratch.org
Tue May 22 15:26:11 PDT 2007


On Tuesday May 22 2007 11:23:24 am Robert Connolly wrote:
> I ran 'strace -f' on klogd and found another problem, which is discussed
> here: http://www.redhat.com/archives/axp-list/1998-October/msg01043.html
>
> Notice the date on that link.. this was never fixed upstream.
>
> klogd tries to use an unimplemented syscall 1024 (resource-limit-max)
> times. Unimplemented syscalls don't return a newline character, and klogd
> doesn't expect that, and it keeps trying.

My mistake. When I saw 1021 failed attempts to close nonexistent file 
descriptors, I thought it was a bug, but it's not. Klogd loops through every 
possible file descriptor, to close them, before forking. It's not very 
efficient, or necessary, but it certainly makes sure none remain open. 
There's probably a reason for it, so I'll leave it alone.

Klogd can't drop privileges with existing patches... when I try I see klogd 
opens /proc/kmsg as root, then chroots and drops to a regular user, but the 
kernel won't allow the regular user to read /proc/kmsg. This works on regular 
files, like when the syslog user opens /var/log/logfiles, but doesn't seem to 
work with /proc files. The same thing happens when trying to change priority 
with the kernel syslog call. I'm hoping to find a way to use Linux POSIX 
capabilities so klogd can drop to a regular user but keep root privileges 
on /proc/kmsg and syslog(2). The permissions on /proc/kmsg are deeper than 
filesystem permissions. Making it group readable doesn't have any effect.

robert
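
The capability approach mentioned in the message above, as an added example that is not part of the original post and is not sysklogd code: a daemon sets PR_SET_KEEPCAPS, changes to an unprivileged UID/GID, then shrinks its capability sets to a single capability. The function names are hypothetical, and which capability to keep is an assumption left to the caller (the kernel's syslog permission check uses CAP_SYSLOG since Linux 2.6.37 and CAP_SYS_ADMIN before that).

```c
/* Added example: keep one capability across a setuid() drop (Linux only). */
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Fill a v3 capability set that holds only `cap`, permitted and effective. */
void only_cap(struct __user_cap_data_struct d[2], int cap)
{
    memset(d, 0, 2 * sizeof d[0]);
    d[CAP_TO_INDEX(cap)].permitted = CAP_TO_MASK(cap);
    d[CAP_TO_INDEX(cap)].effective = CAP_TO_MASK(cap);
    /* inheritable stays 0: nothing is passed on across execve() */
}

/* Drop from root to uid/gid but keep `cap`. Returns 0, or -1 with errno set.
 * Call this after opening /proc/kmsg and after any chroot(). */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    /* Without this the kernel clears all capabilities when the UID leaves 0. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* setuid() kept the permitted set but cleared the effective set;
     * shrink permitted to the one capability and raise it again. */
    only_cap(d, cap);
    if (syscall(SYS_capset, &h, d) != 0)
        return -1;
    /* Fail closed if root can still be regained. */
    if (setuid(0) == 0)
        return -1;
    return 0;
}
```

A caller should treat any -1 return as fatal and exit rather than continue running with an unknown privilege state.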