Date: Tue, 11 Aug 1998 09:33:33 -0400
From: Nathan Dorfman <nathan@fcc.net>
To: freebsd-current@FreeBSD.ORG
Subject: syslogd modification
Message-ID: <19980811093333.A11944@fcc.net>

How about adding yet another -s option to syslogd? There is no reason
for a luser to be able to do something like

    logger -p auth.notice -t su BAD SU bob to root on /dev/ttyp3

On a machine with many users (such as a shell server), would it make
sense to keep all log sockets 0660 root/wheel? Something like:

--- syslogd.c Tue Aug 11 08:59:19 1998
+++ syslogd.c.orig Tue Aug 11 08:51:45 1998
@@ -385,8 +385,7 @@
if (funix[i] < 0 ||
bind(funix[i], (struct sockaddr *)&sunx,
SUN_LEN(&sunx)) < 0 ||
- chmod(funixn[i], SecureMode >= 2 ? 0660: 0666) < 0 ||
- chown(funixn[i], 0, 0) < 0) {
+ chmod(funixn[i], 0666) < 0) {
(void) snprintf(line, sizeof line,
"cannot create %s", funixn[i]);
logerror(line);
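
Review bot: The file headers are reversed ("--- syslogd.c" / "+++ syslogd.c.orig"), so the two lines marked "-" are the proposed new code and patch(1) would apply this backwards; regenerate it as diff -u syslogd.c.orig syslogd.c. In the proposed condition, chmod(funixn[i], SecureMode >= 2 ? 0660: 0666) runs before chown(funixn[i], 0, 0), and both run after bind(), so the socket exists for a moment with whatever mode the umask gives it and the mode is set before the owner is; setting a restrictive umask around bind() and doing the chown before the chmod would avoid that. A chown failure also ends up reported as "cannot create %s", which will be misleading when the socket was in fact created.
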
This approach, as opposed to simply chmodding the file in /etc/rc, may
work better when you are using -l to create additional log sockets and
want them with these permissions too. With this patch, just run

    syslogd -ssl /tmp/foolog -l /tmp/barlog

If this is the Wrong Thing To Do (tm) can someone point out why?

--
Nathan Dorfman | E-mail: nathan@fcc.net
Frontline Communications | Front desk: 914-623-8553:
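
An added example, not part of the original message or of syslogd: one way to create a log socket with the 0660 mode discussed above so that the file is never world-writable between bind() and chmod(). The helper name open_log_socket, its parameters and the /tmp path are hypothetical, and it assumes the OS applies the process umask to the socket file at bind().

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper (not syslogd code): bind a datagram log socket at path,
 * owned by uid:gid, mode 0660 if secure, else 0666. Returns the fd or -1;
 * on success *mode_out holds the permission bits found on disk. */
int open_log_socket(const char *path, int secure, uid_t uid, gid_t gid,
                    mode_t *mode_out)
{
    struct sockaddr_un sunx;
    struct stat st;
    mode_t old, want = secure ? 0660 : 0666;
    int fd, rc;

    if (strlen(path) >= sizeof(sunx.sun_path))
        return -1;
    memset(&sunx, 0, sizeof(sunx));
    sunx.sun_family = AF_UNIX;
    strcpy(sunx.sun_path, path);      /* length checked above */
    (void)unlink(path);               /* stale socket from an earlier run */
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    old = umask(0177);                /* socket file is created 0600 */
    rc = bind(fd, (struct sockaddr *)&sunx, sizeof(sunx));
    (void)umask(old);
    /* Set the owner first, then widen the mode: access only ever grows. */
    if (rc < 0 || chown(path, uid, gid) < 0 || chmod(path, want) < 0 ||
        stat(path, &st) < 0) {
        close(fd);
        (void)unlink(path);
        return -1;
    }
    *mode_out = st.st_mode & 0777;
    return fd;
}

int main(void)
{
    mode_t m = 0;   /* constructed path; own uid/gid so it runs unprivileged */
    int fd = open_log_socket("/tmp/example-log.sock", 1, geteuid(), getegid(), &m);
    if (fd < 0) { perror("open_log_socket"); return 1; }
    printf("mode %04o\n", (unsigned)m);
    close(fd); unlink("/tmp/example-log.sock");
    return 0;
}
```

A daemon running as root would pass 0, 0 for uid and gid to get the root/wheel ownership the message proposes.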
