From owner-freebsd-bugs@FreeBSD.ORG Thu Apr 26 11:40:08 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C7E6F1065676 for ; Thu, 26 Apr 2012 11:40:08 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9DEB18FC15 for ; Thu, 26 Apr 2012 11:40:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q3QBe8VM001277 for ; Thu, 26 Apr 2012 11:40:08 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q3QBe8Y0001276; Thu, 26 Apr 2012 11:40:08 GMT (envelope-from gnats) Resent-Date: Thu, 26 Apr 2012 11:40:08 GMT Resent-Message-Id: <201204261140.q3QBe8Y0001276@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Jeremy Chadwick Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D040B106566C for ; Thu, 26 Apr 2012 11:37:30 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta06.emeryville.ca.mail.comcast.net (qmta06.emeryville.ca.mail.comcast.net [76.96.30.56]) by mx1.freebsd.org (Postfix) with ESMTP id 7B03B8FC14 for ; Thu, 26 Apr 2012 11:37:30 +0000 (UTC) Received: from omta17.emeryville.ca.mail.comcast.net ([76.96.30.73]) by qmta06.emeryville.ca.mail.comcast.net with comcast id 2bDl1j0051afHeLA6bdQzA; Thu, 26 Apr 2012 11:37:24 +0000 Received: from koitsu.dyndns.org ([67.180.84.87]) by omta17.emeryville.ca.mail.comcast.net with comcast id 2bdQ1j0071t3BNj8dbdQFS; Thu, 26 Apr 2012 11:37:24 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id C5D39102C1E; Thu, 26 Apr 2012 04:37:23 -0700 (PDT) Message-Id: <20120426113723.C5D39102C1E@icarus.home.lan> Date: Thu, 26 Apr 2012 04:37:23 -0700 (PDT) From: Jeremy Chadwick To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: dougb@FreeBSD.org Subject: kern/167321: Implement sysctl to control kernel accounting log messages (e.g. acct(2)) X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Jeremy Chadwick List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2012 11:40:08 -0000 >Number: 167321 >Category: kern >Synopsis: Implement sysctl to control kernel accounting log messages (e.g. acct(2)) >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Apr 26 11:40:08 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Jeremy Chadwick >Release: FreeBSD 8.2-STABLE amd64 >Organization: >Environment: System: FreeBSD icarus.home.lan 8.2-STABLE FreeBSD 8.2-STABLE #0: Fri Feb 10 17:43:50 PST 2012 root@icarus.home.lan:/usr/obj/usr/src/sys/X7SBA_RELENG_8_amd64 amd64 >Description: The periodic script daily/310.accounting results in accounting being fully stopped then fully started every day. This causes the message "Accounting disabled" followed by "Accounting enabled" being printed on the console (syslog level kern.notice). This happens because daily/310.accounting calls /etc/rc.d/accounting with the argument rotate_log. This function quite literally calls /usr/sbin/accton twice. See accounting_rotate_log() (read it slowly) to see what's going on. The messages comes from src/sys/kern/kern_acct.c, where log(LOG_NOTICE, "...") is called every time accounting is toggled via the acct(2) syscall (accomplished via accton(8)). The end result is a kernel message buffer that will eventually be filled with the above two messages. This is extremely annoying, and unecessary for something like accounting log rotation. We wanted to use accounting (mainly for tracking disk I/O on a per-user and per-process level), but because of this problem, we had to cease use of it. >How-To-Repeat: 1. Set accounting_enabled="yes" in /etc/rc.conf 2. Start accounting via "/etc/rc.d/accounting start" 3. Look at "dmesg" or /var/log/messages 4. Run /etc/periodic/daily/310.accounting 5. Look at "dmesg" or /var/log/messages >Fix: There's a couple ways to fix this, but I'm of the opinion this is the best choice with the least breakage: Implement a sysctl called kern.acct_logging which would control whether or not the log() statements are called. 1=enable logging, 0=disable logging. Default value would be 1 (to remain fully compatible with the existing model). Toggling this sysctl WOULD NOT result in any log() message being generated (i.e. no "Account logging disabled" message or similar), because if it did, we've solved absolutely nothing. Key point for those concerned about security ("wait, what if someone turns off logging? Wouldn't you want to know that?"): acct(2) can only be called by root, and sysctls can only be modified by root. An attacker who wanted to circumvent accounting would have to already have root. Thus, the sysctl variable poses no security concern. If there are still somehow security concerns, then this could be made into a loader-adjustable-only tunable. I'd be happy to write the kernel code for this (it can't be that complex), but I would need someone senior to make sure it's safe/wouldn't cause problems. The kernel is not my most familiar of playgrounds. >Release-Note: >Audit-Trail: >Unformatted: