cvs commit: patches/sysklogd sysklogd-1.4.1-security-1.patch

jim at linuxfromscratch.org jim at linuxfromscratch.org
Wed Jun 2 14:45:19 PDT 2004


jim         04/06/02 15:45:19

  Added:       sysklogd sysklogd-1.4.1-security-1.patch
  Log:
  Added: sysklogd-1.4.1-security-1.patch
  
  Revision  Changes    Path
  1.1                  patches/sysklogd/sysklogd-1.4.1-security-1.patch
  
  Index: sysklogd-1.4.1-security-1.patch
  ===================================================================
  Submitted By: Jim Gifford (jim at linuxfromscratch dot org)
  Date: 2004-05-06
  Initial Package Version: 1.4.1
  Origin: Archaic 
  Upstream Status: Unknown
  Description: Allows syslog and klog to use a specific user other than root
   
  diff -Nur sysklogd-1.4.1.orig/klogd.8 sysklogd-1.4.1/klogd.8
  --- sysklogd-1.4.1.orig/klogd.8	Sun Mar 11 20:35:51 2001
  +++ sysklogd-1.4.1/klogd.8	Fri Mar 16 14:11:38 2001
  @@ -3,6 +3,7 @@
   .\" Sun Jul 30 01:35:55 MET: Martin Schulze: Updates
   .\" Sun Nov 19 23:22:21 MET: Martin Schulze: Updates
   .\" Mon Aug 19 09:42:08 CDT 1996: Dr. G.W. Wettstein: Updates
  +.\" Thu Feb 17 2000: Chris Wing: Unprivileged klogd feature
   .\"
   .TH KLOGD 8 "21 August, 1999" "Version 1.4" "Linux System Administration"
   .SH NAME
  @@ -17,7 +18,11 @@
   .RB [ " \-f "
   .I fname
   ]
  +.RB [ " \-u "
  +.I username
  +]
   .RB [ " \-iI " ]
  +.RB [ " \-r " ]
   .RB [ " \-n " ]
   .RB [ " \-o " ]
   .RB [ " \-p " ]
  @@ -46,11 +51,24 @@
   .BI "\-f " file
   Log messages to the specified filename rather than to the syslog facility.
   .TP
  +.BI "\-u " username
  +Tells klogd to become the specified user and drop root privileges before
  +starting logging. This is useful if you are paranoid about how well we wrote
  +this program.
  +.TP
   .BI "\-i \-I"
   Signal the currently executing klogd daemon.  Both of these switches control
   the loading/reloading of symbol information.  The \-i switch signals the
   daemon to reload the kernel module symbols.  The \-I switch signals for a
   reload of both the static kernel symbols and the kernel module symbols.
  +.TP
  +.B "\-r"
  +Reset kernel logging. You should run
  +.B klogd
  +with this argument after killing the daemon, if you run the daemon as a non-
  +privileged user. This is because
  +.B klogd
  +will be unable to reset kernel logging automatically in that case.
   .TP
   .B "\-n"
   Avoid auto-backgrounding.  This is needed especially if the
  diff -Nur sysklogd-1.4.1.orig/klogd.c sysklogd-1.4.1/klogd.c
  --- sysklogd-1.4.1.orig/klogd.c	Sun Mar 11 20:40:10 2001
  +++ sysklogd-1.4.1/klogd.c	Fri Mar 16 14:38:52 2001
  @@ -275,6 +275,10 @@
   #define ksyslog klogctl
   #endif
   
  +/* Support for running as an unprivileged user */
  +#include <pwd.h>
  +#include <grp.h>
  +
   #define LOG_BUFFER_SIZE 4096
   #define LOG_LINE_LENGTH 1000
   
  @@ -308,6 +312,9 @@
   int debugging = 0;
   int symbols_twice = 0;
   
  +int drop_privileges = 0;
  +uid_t server_uid = 0;
  +gid_t server_gid = 0;
   
   /* Function prototypes. */
   extern int ksyslog(int type, char *buf, int len);
  @@ -994,7 +1001,7 @@
   	chdir ("/");
   #endif
   	/* Parse the command-line. */
  -	while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
  +	while ((ch = getopt(argc, argv, "c:df:u:iIk:noprsvx2")) != EOF)
   		switch((char)ch)
   		{
   		    case '2':		/* Print lines with symbols twice. */
  @@ -1010,6 +1017,31 @@
   			output = optarg;
   			use_output++;
   			break;
  +		    case 'u':           /* Run as this user */
  +			if (optarg) {
  +			    struct passwd *pwd;
  +
  +			    pwd = getpwnam(optarg);
  +			    if (!pwd) {
  +				fprintf(stderr, "Failed to look up user %s " \
  +				"to switch to. Terminating.\n", optarg);
  +			    exit(1);
  +			    }
  +
  +			drop_privileges = 1;
  +			server_uid = pwd->pw_uid;
  +			server_gid = pwd->pw_gid;
  +			} else {
  +			    fprintf(stderr, "Must specify user name along " \
  +			                    "with -u option.\n");
  +			    exit(1);
  +			}
  +			break;
  +		    case 'r':           /* Reset logging */
  +			Syslog(LOG_INFO, "Resetting kernel logging.");
  +			CloseLogSrc();
  +			exit(0);
  +			break;
   		    case 'i':		/* Reload module symbols. */
   			SignalDaemon(SIGUSR1);
   			return(0);
  @@ -1161,6 +1193,13 @@
   	if (symbol_lookup) {
   		InitKsyms(symfile);
   		InitMsyms();
  +	}
  +
  +	/* Drop privileges if a user name was specified on the command line */
  +	if (drop_privileges) {
  +		setgroups(0, NULL);
  +		setgid(server_gid);
  +		setuid(server_uid);
   	}
   
           /* The main loop. */
  diff -Nur sysklogd-1.4.1.orig/sysklogd.8 sysklogd-1.4.1/sysklogd.8
  --- sysklogd-1.4.1.orig/sysklogd.8	Sun Mar 11 20:35:51 2001
  +++ sysklogd-1.4.1/sysklogd.8	Fri Mar 16 14:40:16 2001
  @@ -29,6 +29,9 @@
   .RB [ " \-s "
   .I domainlist
   ]
  +.RB [ " \-u"
  +.IB username
  +]
   .RB [ " \-v " ]
   .LP
   .SH DESCRIPTION
  @@ -149,6 +152,22 @@
   is specified and the host logging resolves to satu.infodrom.north.de
   no domain would be cut, you will have to specify two domains like:
   .BR "\-s north.de:infodrom.north.de" .
  +.TP
  +.BI "\-u " "username"
  +This causes the
  +.B syslogd
  +daemon to become the named user before starting up logging. This
  +option is useful if you are paranoid about how well we wrote this
  +program.
  +
  +Note that when this option is in use,
  +.B syslogd
  +will open all log files as root when the daemon is first started;
  +however, after a
  +.B SIGHUP
  +the files will be reopened as the non-privileged user. You should
  +take this into account when deciding the ownership of the log
  +files.
   .TP
   .B "\-v"
   Print version and exit.
  diff -Nur sysklogd-1.4.1.orig/syslogd.c sysklogd-1.4.1/syslogd.c
  --- sysklogd-1.4.1.orig/syslogd.c	Sun Mar 11 20:40:10 2001
  +++ sysklogd-1.4.1/syslogd.c	Fri Mar 16 14:44:02 2001
  @@ -500,6 +500,10 @@
   #include <paths.h>
   #endif
   
  +/* Support for running syslogd as non-root user */
  +#include <pwd.h>
  +#include <grp.h>
  +
   #ifndef UTMP_FILE
   #ifdef UTMP_FILENAME
   #define UTMP_FILE UTMP_FILENAME
  @@ -735,6 +739,7 @@
   char	**LocalHosts = NULL;	/* these hosts are logged with their hostname */
   int	NoHops = 1;		/* Can we bounce syslog messages through an
   				   intermediate host. */
  +char	*server_user = NULL;	/* user name to run server as, instead of root */
   
   extern	int errno;
   
  @@ -829,7 +834,7 @@
   		funix[i]  = -1;
   	}
   
  -	while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF)
  +	while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:u:v")) != EOF)	
   		switch((char)ch) {
   		case 'a':
   			if (nfunix < MAXFUNIX)
  @@ -874,6 +879,15 @@
   			}
   			StripDomains = crunch_list(optarg);
   			break;
  +		case 'u':
  +			if (optarg)
  +				server_user = strdup(optarg);
  +			else {
  +				fprintf (stderr, "Must specify user name " \
  +				                 "along with -u option.\n");
  +				exit (1);
  +			}
  +			break;
   		case 'v':
   			printf("syslogd %s.%s\n", VERSION, PATCHLEVEL);
   			exit (0);
  @@ -1020,6 +1034,28 @@
   	if (getpid() != ppid)
   		kill (ppid, SIGTERM);
   #endif
  +	/*
  +	* Drop privileges if a user name was specified on
  +	* the command line.
  +	*/
  +	if (server_user) {
  +		struct passwd *pwd;
  +
  +		pwd = getpwnam(server_user);
  +		if (!pwd) {
  +			dprintf("Failed to look up user %s.\n", server_user);
  +			exit(1);
  +		}
  +
  +	/* initgroups should not require the stupid "extra group" thingy */
  +		if (initgroups(server_user, pwd->pw_gid)) {
  +			dprintf("Failed to set groups for user %s.\n", server_user);
  +			exit(1);
  +		}
  +
  +		setgid(pwd->pw_gid);
  +		setuid(pwd->pw_uid);
  +	}
   
   	/* Main loop begins here. */
   	for (;;) {
  @@ -1175,7 +1211,7 @@
   int usage()
   {
   	fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
  -		" [-s domainlist] [-f conffile]\n");
  +		" [-s domainlist] [-f conffile] [-u username]\n");
   	exit(1);
   }
   
  
  
  



More information about the patches mailing list