1 diff -ur sysklogd-1.4.1.orig/klogd.8 sysklogd-1.4.1/klogd.8
2 --- sysklogd-1.4.1.orig/klogd.8 Sun Mar 11 22:35:51 2001
3 +++ sysklogd-1.4.1/klogd.8 Mon Oct 8 09:50:50 2001
5 .\" Sun Jul 30 01:35:55 MET: Martin Schulze: Updates
6 .\" Sun Nov 19 23:22:21 MET: Martin Schulze: Updates
7 .\" Mon Aug 19 09:42:08 CDT 1996: Dr. G.W. Wettstein: Updates
8 +.\" Thu Feb 17 2000: Chris Wing: Unprivileged klogd feature
10 -.TH KLOGD 8 "21 August, 1999" "Version 1.4" "Linux System Administration"
11 +.TH KLOGD 8 "8 October, 2001" "Version 1.4.1+CAEN/OW" "Linux System Administration"
13 klogd \- Kernel Log Daemon
31 Log messages to the specified filename rather than to the syslog facility.
34 +Tells klogd to become the specified user and drop root privileges before
37 +.BI "\-j " chroot_dir
40 +into this directory after initializing.
41 +This option is only valid if the \-u option is also used to run klogd
42 +without root privileges.
43 +Note that the use of this option will prevent \-i and \-I from working
44 +unless you set up the chroot directory in such a way that klogd can still
45 +read the kernel module symbols.
48 Signal the currently executing klogd daemon. Both of these switches control
49 diff -ur sysklogd-1.4.1.orig/klogd.c sysklogd-1.4.1/klogd.c
50 --- sysklogd-1.4.1.orig/klogd.c Sun Mar 11 22:40:10 2001
51 +++ sysklogd-1.4.1/klogd.c Mon Oct 8 09:52:06 2001
63 int symbols_twice = 0;
65 +char *server_user = NULL;
66 +char *chroot_dir = NULL;
69 /* Function prototypes. */
70 extern int ksyslog(int type, char *buf, int len);
72 * First do a stat to determine whether or not the proc based
73 * file system is available to get kernel messages from.
76 - ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
79 + ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT))))
81 /* Initialize kernel logging. */
87 +static int drop_root(void)
91 + if (!(pw = getpwnam(server_user))) return -1;
93 + if (!pw->pw_uid) return -1;
96 + if (chroot(chroot_dir)) return -1;
97 + if (chdir("/")) return -1;
100 + if (setgroups(0, NULL)) return -1;
101 + if (setgid(pw->pw_gid)) return -1;
102 + if (setuid(pw->pw_uid)) return -1;
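Review bot: drop_root() refuses a target account with uid 0 but not one whose primary group is 0, so `-u` with such an account would leave klogd in the root group after `setgid(pw->pw_gid)`; consider `if (!pw->pw_uid || !pw->pw_gid) return -1;`. The visible order (chroot, chdir("/"), setgroups, setgid, setuid) is correct and every call is checked. All failures collapse to the same -1, though, and the caller's message is only "klogd: failed to drop root", so logging errno there, e.g. `syslog(LOG_ALERT, "klogd: failed to drop root: %m");`, would show which step failed. Parts of the function are elided on this page (its opening, the condition guarding chroot(), and the final return), so this covers only the visible statements.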
114 /* Parse the command-line. */
115 - while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
116 + while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF)
119 case '2': /* Print lines with symbols twice. */
120 @@ -1016,6 +1043,10 @@
122 SignalDaemon(SIGUSR2);
124 + case 'j': /* chroot 'j'ail */
125 + chroot_dir = optarg;
126 + log_flags |= LOG_NDELAY;
128 case 'k': /* Kernel symbol file. */
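Review bot: The `log_flags |= LOG_NDELAY;` line in the `'j'` case has no comment explaining why a chroot option changes the openlog() flags. Presumably the connection to syslogd has to be opened before chroot() because the log socket path cannot be reached from inside the jail. A comment such as `/* connect to syslogd now: the log socket is unreachable after chroot() */` would stop someone from removing the line as unrelated. The declaration of `log_flags` is not visible in this hunk.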
131 @@ -1031,6 +1062,9 @@
132 case 's': /* Use syscall interface. */
135 + case 'u': /* Run as this user */
136 + server_user = optarg;
139 printf("klogd %s.%s\n", VERSION, PATCHLEVEL);
141 @@ -1039,6 +1073,10 @@
145 + if (chroot_dir && !server_user) {
146 + fputs("'-j' is only valid with '-u'", stderr);
150 /* Set console logging level. */
151 if ( log_level != (char *) 0 )
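Review bot: The message in `fputs("'-j' is only valid with '-u'", stderr);` has no trailing newline, and fputs() does not append one, so the next diagnostic or the shell prompt will run on from it. Use `fputs("'-j' is only valid with '-u'\n", stderr);`. The rest of the added block is elided on this page, so whether it exits with a non-zero status after printing cannot be confirmed from here.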
152 @@ -1136,7 +1174,7 @@
156 - openlog("kernel", 0, LOG_KERN);
157 + openlog("kernel", log_flags, LOG_KERN);
160 /* Handle one-shot logging. */
161 @@ -1161,4 +1199,9 @@
165 + if (server_user && drop_root()) {
166 + syslog(LOG_ALERT, "klogd: failed to drop root");