Re: syslogd(8) Dropping Privs
On Sat, Jun 05, 2004 at 06:21:29PM +1000, Darren Reed wrote:
> ...and this works in the case of SIGHUP too ?
>
> i.e. re-read syslogd.conf and can open new files r/w root only ?
Syslogd(8) does NOT run as root by the time log files are openned
at startup or a reconfig (SIGHUP). As I stated in the original
message, the log files will have to be writable by the user. Same
goes for writting messages to users via their ttys. Although having
things set up otherwise is probably rare, make sure that the user
can read the configuration file.
What do we do while still root? Open the UNIX domain log sockets
(/var/run/log and any others specified) and open the network socket
(514/udp by default or whatever specified). The PID file is also
written while still root.
I'm thinking of writing a "conversion" script to make the required
changes.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 6 之 6 篇):