+++ /dev/null
-diff -ur sysklogd-1.4.1.orig/klogd.8 sysklogd-1.4.1/klogd.8
---- sysklogd-1.4.1.orig/klogd.8 Sun Mar 11 22:35:51 2001
-+++ sysklogd-1.4.1/klogd.8 Mon Oct 8 09:50:50 2001
-@@ -3,8 +3,9 @@
- .\" Sun Jul 30 01:35:55 MET: Martin Schulze: Updates
- .\" Sun Nov 19 23:22:21 MET: Martin Schulze: Updates
- .\" Mon Aug 19 09:42:08 CDT 1996: Dr. G.W. Wettstein: Updates
-+.\" Thu Feb 17 2000: Chris Wing: Unprivileged klogd feature
- .\"
--.TH KLOGD 8 "21 August, 1999" "Version 1.4" "Linux System Administration"
-+.TH KLOGD 8 "8 October, 2001" "Version 1.4.1+CAEN/OW" "Linux System Administration"
- .SH NAME
- klogd \- Kernel Log Daemon
- .LP
-@@ -17,6 +18,12 @@
- .RB [ " \-f "
- .I fname
- ]
-+.RB [ " \-u "
-+.I username
-+]
-+.RB [ " \-j "
-+.I chroot_dir
-+]
- .RB [ " \-iI " ]
- .RB [ " \-n " ]
- .RB [ " \-o " ]
-@@ -45,6 +52,20 @@
- .TP
- .BI "\-f " file
- Log messages to the specified filename rather than to the syslog facility.
-+.TP
-+.BI "\-u " username
-+Tells klogd to become the specified user and drop root privileges before
-+starting logging.
-+.TP
-+.BI "\-j " chroot_dir
-+Tells klogd to
-+.BR chroot (2)
-+into this directory after initializing.
-+This option is only valid if the \-u option is also used to run klogd
-+without root privileges.
-+Note that the use of this option will prevent \-i and \-I from working
-+unless you set up the chroot directory in such a way that klogd can still
-+read the kernel module symbols.
- .TP
- .BI "\-i \-I"
- Signal the currently executing klogd daemon. Both of these switches control
-diff -ur sysklogd-1.4.1.orig/klogd.c sysklogd-1.4.1/klogd.c
---- sysklogd-1.4.1.orig/klogd.c Sun Mar 11 22:40:10 2001
-+++ sysklogd-1.4.1/klogd.c Mon Oct 8 09:52:06 2001
-@@ -258,6 +258,8 @@
- #include <stdarg.h>
- #include <paths.h>
- #include <stdlib.h>
-+#include <pwd.h>
-+#include <grp.h>
- #include "klogd.h"
- #include "ksyms.h"
- #ifndef TESTING
-@@ -308,6 +310,9 @@
- int debugging = 0;
- int symbols_twice = 0;
-
-+char *server_user = NULL;
-+char *chroot_dir = NULL;
-+int log_flags = 0;
-
- /* Function prototypes. */
- extern int ksyslog(int type, char *buf, int len);
-@@ -528,8 +533,9 @@
- * First do a stat to determine whether or not the proc based
- * file system is available to get kernel messages from.
- */
-- if ( use_syscall ||
-- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
-+ if (!server_user &&
-+ (use_syscall ||
-+ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT))))
- {
- /* Initialize kernel logging. */
- ksyslog(1, NULL, 0);
-@@ -977,6 +983,27 @@
- }
-
-
-+static int drop_root(void)
-+{
-+ struct passwd *pw;
-+
-+ if (!(pw = getpwnam(server_user))) return -1;
-+
-+ if (!pw->pw_uid) return -1;
-+
-+ if (chroot_dir) {
-+ if (chroot(chroot_dir)) return -1;
-+ if (chdir("/")) return -1;
-+ }
-+
-+ if (setgroups(0, NULL)) return -1;
-+ if (setgid(pw->pw_gid)) return -1;
-+ if (setuid(pw->pw_uid)) return -1;
-+
-+ return 0;
-+}
-+
-+
- int main(argc, argv)
-
- int argc;
-@@ -994,7 +1021,7 @@
- chdir ("/");
- #endif
- /* Parse the command-line. */
-- while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
-+ while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF)
- switch((char)ch)
- {
- case '2': /* Print lines with symbols twice. */
-@@ -1016,6 +1043,10 @@
- case 'I':
- SignalDaemon(SIGUSR2);
- return(0);
-+ case 'j': /* chroot 'j'ail */
-+ chroot_dir = optarg;
-+ log_flags |= LOG_NDELAY;
-+ break;
- case 'k': /* Kernel symbol file. */
- symfile = optarg;
- break;
-@@ -1031,6 +1062,9 @@
- case 's': /* Use syscall interface. */
- use_syscall = 1;
- break;
-+ case 'u': /* Run as this user */
-+ server_user = optarg;
-+ break;
- case 'v':
- printf("klogd %s.%s\n", VERSION, PATCHLEVEL);
- exit (1);
-@@ -1039,6 +1073,10 @@
- break;
- }
-
-+ if (chroot_dir && !server_user) {
-+ fputs("'-j' is only valid with '-u'", stderr);
-+ exit(1);
-+ }
-
- /* Set console logging level. */
- if ( log_level != (char *) 0 )
-@@ -1136,7 +1174,7 @@
- }
- }
- else
-- openlog("kernel", 0, LOG_KERN);
-+ openlog("kernel", log_flags, LOG_KERN);
-
-
- /* Handle one-shot logging. */
-@@ -1161,4 +1199,9 @@
- }
- }
-+
-+ if (server_user && drop_root()) {
-+ syslog(LOG_ALERT, "klogd: failed to drop root");
-+ Terminate();
-+ }
-
- /* The main loop. */