src/patches/sysklogd-1.4.1-caen-owl-syslogd-drop-root.diff

   1 diff -ur sysklogd-1.4.1-caen-owl-syslogd-bind/sysklogd.8 sysklogd-1.4.1/sysklogd.8
   2 --- sysklogd-1.4.1-caen-owl-syslogd-bind/sysklogd.8     Mon Oct  8 07:26:27 2001
   3 +++ sysklogd-1.4.1/sysklogd.8   Mon Oct  8 07:30:31 2001
   4 @@ -32,6 +32,9 @@
   5  .RB [ " \-s "
   6  .I domainlist
   7  ]
   8 +.RB [ " \-u"
   9 +.IB username
  10 +]
  11  .RB [ " \-v " ]
  12  .LP
  13  .SH DESCRIPTION
  14 @@ -159,6 +162,19 @@
  15  is specified and the host logging resolves to satu.infodrom.north.de
  16  no domain would be cut, you will have to specify two domains like:
  17  .BR "\-s north.de:infodrom.north.de" .
  18 +.TP
  19 +.BI "\-u " "username"
  20 +This causes the
  21 +.B syslogd
  22 +daemon to become the named user before starting up logging.
  23 +
  24 +Note that when this option is in use,
  25 +.B syslogd
  26 +will open all log files as root when the daemon is first started;
  27 +however, after a
  28 +.B SIGHUP
  29 +the files will be reopened as the non-privileged user.  You should
  30 +take this into account when deciding the ownership of the log files.
  31  .TP
  32  .B "\-v"
  33  Print version and exit.
  34 diff -ur sysklogd-1.4.1-caen-owl-syslogd-bind/syslogd.c sysklogd-1.4.1/syslogd.c
  35 --- sysklogd-1.4.1-caen-owl-syslogd-bind/syslogd.c      Mon Oct  8 07:26:27 2001
  36 +++ sysklogd-1.4.1/syslogd.c    Mon Oct  8 07:40:35 2001
  37 @@ -491,6 +491,10 @@
  38  #include <arpa/nameser.h>
  39  #include <arpa/inet.h>
  40  #include <resolv.h>
  41 +
  42 +#include <pwd.h>
  43 +#include <grp.h>
  44 +
  45  #ifndef TESTING
  46  #include "pidfile.h"
  47  #endif
  48 @@ -737,6 +741,7 @@
  49                                    intermediate host. */
  50
  51  char   *bind_addr = NULL;      /* bind UDP port to this interface only */
  52 +char   *server_user = NULL;    /* user name to run server as */
  53
  54  extern int errno;
  55
  56 @@ -778,6 +783,21 @@
  57  static int create_inet_socket();
  58  #endif
  59
  60 +static int drop_root(void)
  61 +{
  62 +       struct passwd *pw;
  63 +
  64 +       if (!(pw = getpwnam(server_user))) return -1;
  65 +
  66 +       if (!pw->pw_uid) return -1;
  67 +
  68 +       if (initgroups(server_user, pw->pw_gid)) return -1;
  69 +       if (setgid(pw->pw_gid)) return -1;
  70 +       if (setuid(pw->pw_uid)) return -1;
  71 +
  72 +       return 0;
  73 +}
  74 +
  75  int main(argc, argv)
  76         int argc;
  77         char **argv;
  78 @@ -831,7 +851,7 @@
  79                 funix[i]  = -1;
  80         }
  81
  82 -       while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
  83 +       while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF)
  84                 switch((char)ch) {
  85                 case 'a':
  86                         if (nfunix < MAXFUNIX)
  87 @@ -884,6 +904,9 @@
  88                         }
  89                         StripDomains = crunch_list(optarg);
  90                         break;
  91 +               case 'u':
  92 +                       server_user = optarg;
  93 +                       break;
  94                 case 'v':
  95                         printf("syslogd %s.%s\n", VERSION, PATCHLEVEL);
  96                         exit (0);
  97 @@ -1031,6 +1054,11 @@
  98                 kill (ppid, SIGTERM);
  99  #endif
 100
 101 +       if (server_user && drop_root()) {
 102 +               dprintf("syslogd: failed to drop root\n");
 103 +               exit(1);
 104 +       }
 105 +
 106         /* Main loop begins here. */
 107         for (;;) {
 108                 int nfds;
 109 @@ -1185,7 +1213,7 @@
 110  int usage()
 111  {
 112         fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
 113 -               " [-s domainlist] [-f conffile] [-i IP address]\n");
 114 +               " [-s domainlist] [-f conffile] [-i IP address] [-u username]\n");
 115         exit(1);
 116  }
 117