[people/teissler/ipfire-2.x.git] / src / patches / sysklogd-1.4.1-caen-owl-klogd-drop-root.diff

diff -ur sysklogd-1.4.1.orig/klogd.8 sysklogd-1.4.1/klogd.8
--- sysklogd-1.4.1.orig/klogd.8	Sun Mar 11 22:35:51 2001
+++ sysklogd-1.4.1/klogd.8	Mon Oct  8 09:50:50 2001
@@ -3,8 +3,9 @@
 .\" Sun Jul 30 01:35:55 MET: Martin Schulze: Updates
 .\" Sun Nov 19 23:22:21 MET: Martin Schulze: Updates
 .\" Mon Aug 19 09:42:08 CDT 1996: Dr. G.W. Wettstein: Updates
+.\" Thu Feb 17 2000: Chris Wing: Unprivileged klogd feature
 .\"
-.TH KLOGD 8 "21 August, 1999" "Version 1.4" "Linux System Administration"
+.TH KLOGD 8 "8 October, 2001" "Version 1.4.1+CAEN/OW" "Linux System Administration"
 .SH NAME
 klogd \- Kernel Log Daemon
 .LP
@@ -17,6 +18,12 @@
 .RB [ " \-f "
 .I fname
 ]
+.RB [ " \-u "
+.I username
+]
+.RB [ " \-j "
+.I chroot_dir
+]
 .RB [ " \-iI " ]
 .RB [ " \-n " ]
 .RB [ " \-o " ]
@@ -45,6 +52,20 @@
 .TP
 .BI "\-f " file
 Log messages to the specified filename rather than to the syslog facility.
+.TP
+.BI "\-u " username
+Tells klogd to become the specified user and drop root privileges before
+starting logging.
+.TP
+.BI "\-j " chroot_dir
+Tells klogd to
+.BR chroot (2)
+into this directory after initializing.
+This option is only valid if the \-u option is also used to run klogd
+without root privileges.
+Note that the use of this option will prevent \-i and \-I from working
+unless you set up the chroot directory in such a way that klogd can still
+read the kernel module symbols.
 .TP
 .BI "\-i \-I"
 Signal the currently executing klogd daemon.  Both of these switches control
diff -ur sysklogd-1.4.1.orig/klogd.c sysklogd-1.4.1/klogd.c
--- sysklogd-1.4.1.orig/klogd.c	Sun Mar 11 22:40:10 2001
+++ sysklogd-1.4.1/klogd.c	Mon Oct  8 09:52:06 2001
@@ -258,6 +258,8 @@
 #include <stdarg.h>
 #include <paths.h>
 #include <stdlib.h>
+#include <pwd.h>
+#include <grp.h>
 #include "klogd.h"
 #include "ksyms.h"
 #ifndef TESTING
@@ -308,6 +310,9 @@
 int debugging = 0;
 int symbols_twice = 0;
 
+char *server_user = NULL;
+char *chroot_dir = NULL;
+int log_flags = 0;
 
 /* Function prototypes. */
 extern int ksyslog(int type, char *buf, int len);
@@ -528,8 +533,9 @@
 	 * First do a stat to determine whether or not the proc based
 	 * file system is available to get kernel messages from.
 	 */
-	if ( use_syscall ||
-	    ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
+	if (!server_user &&
+	    (use_syscall ||
+	    ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT))))
 	{
 	  	/* Initialize kernel logging. */
 	  	ksyslog(1, NULL, 0);
@@ -977,6 +983,27 @@
 }
 
 
+static int drop_root(void)
+{
+	struct passwd *pw;
+
+	if (!(pw = getpwnam(server_user))) return -1;
+
+	if (!pw->pw_uid) return -1;
+
+	if (chroot_dir) {
+		if (chroot(chroot_dir)) return -1;
+		if (chdir("/")) return -1;
+	}
+
+	if (setgroups(0, NULL)) return -1;
+	if (setgid(pw->pw_gid)) return -1;
+	if (setuid(pw->pw_uid)) return -1;
+
+	return 0;
+}
+
+
 int main(argc, argv)
 
 	int argc;
@@ -994,7 +1021,7 @@
 	chdir ("/");
 #endif
 	/* Parse the command-line. */
-	while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
+	while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF)
 		switch((char)ch)
 		{
 		    case '2':		/* Print lines with symbols twice. */
@@ -1016,6 +1043,10 @@
 		    case 'I':
 			SignalDaemon(SIGUSR2);
 			return(0);
+		    case 'j':		/* chroot 'j'ail */
+			chroot_dir = optarg;
+			log_flags |= LOG_NDELAY;
+			break;
 		    case 'k':		/* Kernel symbol file. */
 			symfile = optarg;
 			break;
@@ -1031,6 +1062,9 @@
 		    case 's':		/* Use syscall interface. */
 			use_syscall = 1;
 			break;
+		    case 'u':		/* Run as this user */
+			server_user = optarg;
+			break;
 		    case 'v':
 			printf("klogd %s.%s\n", VERSION, PATCHLEVEL);
 			exit (1);
@@ -1039,6 +1073,10 @@
 			break;
 		}
 
+	if (chroot_dir && !server_user) {
+		fputs("'-j' is only valid with '-u'", stderr);
+		exit(1);
+	}
 
 	/* Set console logging level. */
 	if ( log_level != (char *) 0 )
@@ -1136,7 +1174,7 @@
 		}
 	}
 	else
-		openlog("kernel", 0, LOG_KERN);
+		openlog("kernel", log_flags, LOG_KERN);
 
 
 	/* Handle one-shot logging. */
@@ -1161,4 +1199,9 @@
 		}
 	}
+
+	if (server_user && drop_root()) {
+		syslog(LOG_ALERT, "klogd: failed to drop root");
+		Terminate();
+	}
 
         /* The main loop. */
Commit	Line	Data
cd1a2927 MT	1	diff -ur sysklogd-1.4.1.orig/klogd.8 sysklogd-1.4.1/klogd.8
	2	--- sysklogd-1.4.1.orig/klogd.8 Sun Mar 11 22:35:51 2001
	3	+++ sysklogd-1.4.1/klogd.8 Mon Oct 8 09:50:50 2001
	4	@@ -3,8 +3,9 @@
	5	.\" Sun Jul 30 01:35:55 MET: Martin Schulze: Updates
	6	.\" Sun Nov 19 23:22:21 MET: Martin Schulze: Updates
	7	.\" Mon Aug 19 09:42:08 CDT 1996: Dr. G.W. Wettstein: Updates
	8	+.\" Thu Feb 17 2000: Chris Wing: Unprivileged klogd feature
	9	.\"
	10	-.TH KLOGD 8 "21 August, 1999" "Version 1.4" "Linux System Administration"
	11	+.TH KLOGD 8 "8 October, 2001" "Version 1.4.1+CAEN/OW" "Linux System Administration"
	12	.SH NAME
	13	klogd \- Kernel Log Daemon
	14	.LP
	15	@@ -17,6 +18,12 @@
	16	.RB [ " \-f "
	17	.I fname
	18	]
	19	+.RB [ " \-u "
	20	+.I username
	21	+]
	22	+.RB [ " \-j "
	23	+.I chroot_dir
	24	+]
	25	.RB [ " \-iI " ]
	26	.RB [ " \-n " ]
	27	.RB [ " \-o " ]
	28	@@ -45,6 +52,20 @@
	29	.TP
	30	.BI "\-f " file
	31	Log messages to the specified filename rather than to the syslog facility.
	32	+.TP
	33	+.BI "\-u " username
	34	+Tells klogd to become the specified user and drop root privileges before
	35	+starting logging.
	36	+.TP
	37	+.BI "\-j " chroot_dir
	38	+Tells klogd to
	39	+.BR chroot (2)
	40	+into this directory after initializing.
	41	+This option is only valid if the \-u option is also used to run klogd
	42	+without root privileges.
	43	+Note that the use of this option will prevent \-i and \-I from working
	44	+unless you set up the chroot directory in such a way that klogd can still
	45	+read the kernel module symbols.
	46	.TP
	47	.BI "\-i \-I"
	48	Signal the currently executing klogd daemon. Both of these switches control
	49	diff -ur sysklogd-1.4.1.orig/klogd.c sysklogd-1.4.1/klogd.c
	50	--- sysklogd-1.4.1.orig/klogd.c Sun Mar 11 22:40:10 2001
	51	+++ sysklogd-1.4.1/klogd.c Mon Oct 8 09:52:06 2001
	52	@@ -258,6 +258,8 @@
	53	#include <stdarg.h>
	54	#include <paths.h>
	55	#include <stdlib.h>
	56	+#include <pwd.h>
	57	+#include <grp.h>
	58	#include "klogd.h"
	59	#include "ksyms.h"
	60	#ifndef TESTING
	61	@@ -308,6 +310,9 @@
	62	int debugging = 0;
	63	int symbols_twice = 0;
	64
65	+char *server_user = NULL;
66	+char *chroot_dir = NULL;
67	+int log_flags = 0;
68
69	/* Function prototypes. */
70	extern int ksyslog(int type, char *buf, int len);
71	@@ -528,8 +533,9 @@
72	* First do a stat to determine whether or not the proc based
73	* file system is available to get kernel messages from.
74	*/
75	- if ( use_syscall \|\|
76	- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
77	+ if (!server_user &&
78	+ (use_syscall \|\|
79	+ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT))))
80	{
81	/* Initialize kernel logging. */
82	ksyslog(1, NULL, 0);
83	@@ -977,6 +983,27 @@
84	}
85
86
87	+static int drop_root(void)
88	+{
89	+ struct passwd *pw;
90	+
91	+ if (!(pw = getpwnam(server_user))) return -1;
92	+
93	+ if (!pw->pw_uid) return -1;
94	+
95	+ if (chroot_dir) {
96	+ if (chroot(chroot_dir)) return -1;
97	+ if (chdir("/")) return -1;
98	+ }
99	+
100	+ if (setgroups(0, NULL)) return -1;
101	+ if (setgid(pw->pw_gid)) return -1;
102	+ if (setuid(pw->pw_uid)) return -1;
103	+
104	+ return 0;
105	+}
106	+
107	+
108	int main(argc, argv)
109
110	int argc;
111	@@ -994,7 +1021,7 @@
112	chdir ("/");
113	#endif
114	/* Parse the command-line. */
115	- while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
116	+ while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF)
117	switch((char)ch)
118	{
119	case '2': /* Print lines with symbols twice. */
120	@@ -1016,6 +1043,10 @@
121	case 'I':
122	SignalDaemon(SIGUSR2);
123	return(0);
124	+ case 'j': /* chroot 'j'ail */
125	+ chroot_dir = optarg;
126	+ log_flags \|= LOG_NDELAY;
127	+ break;
128	case 'k': /* Kernel symbol file. */
129	symfile = optarg;
130	break;
131	@@ -1031,6 +1062,9 @@
132	case 's': /* Use syscall interface. */
133	use_syscall = 1;
134	break;
135	+ case 'u': /* Run as this user */
136	+ server_user = optarg;
137	+ break;
138	case 'v':
139	printf("klogd %s.%s\n", VERSION, PATCHLEVEL);
140	exit (1);
141	@@ -1039,6 +1073,10 @@
142	break;
143	}
144
145	+ if (chroot_dir && !server_user) {
146	+ fputs("'-j' is only valid with '-u'", stderr);
147	+ exit(1);
148	+ }
149
150	/* Set console logging level. */
151	if ( log_level != (char *) 0 )
152	@@ -1136,7 +1174,7 @@
153	}
154	}
155	else
156	- openlog("kernel", 0, LOG_KERN);
157	+ openlog("kernel", log_flags, LOG_KERN);
158
159
160	/* Handle one-shot logging. */
161	@@ -1161,4 +1199,9 @@
162	}
163	}
164	+
165	+ if (server_user && drop_root()) {
166	+ syslog(LOG_ALERT, "klogd: failed to drop root");
167	+ Terminate();
168	+ }
169
170	/* The main loop. */