Hi,

As discussed with millert@ a while ago, syslogd(8) should keep
running as long as possible.

On Sun, Jan 01, 2017 at 09:05:58PM +0100, Alexander Bluhm wrote:
> Regular programs should die as early as possible when an error
> occurs, then it can be fixed.  But syslogd is special.  If it dies,
> you become blind and don't see any errors at all.  An attacker could
> exploit this.  So I think syslogd should exit during startup e.g.
> if an invalid option was specified.  But then it should just log
> errors and run as many subsystems as possible.

ok?

bluhm

Index: usr.sbin/syslogd/syslogd.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.230
diff -u -p -r1.230 syslogd.c
--- usr.sbin/syslogd/syslogd.c  16 Mar 2017 23:55:19 -0000      1.230
+++ usr.sbin/syslogd/syslogd.c  17 Mar 2017 01:32:19 -0000
@@ -506,47 +506,35 @@ main(int argc, char *argv[])
        }
 
        if (socket_bind("udp", NULL, "syslog", SecureMode,
-           &fd_udp, &fd_udp6) == -1) {
+           &fd_udp, &fd_udp6) == -1)
                logerrorx("socket bind *");
-               if (!Debug)
-                       die(0);
-       }
        if ((fd_bind = reallocarray(NULL, nbind, sizeof(*fd_bind))) == NULL)
                err(1, "bind fd");
        for (i = 0; i < nbind; i++) {
                if (socket_bind("udp", bind_host[i], bind_port[i], 0,
-                   &fd_bind[i], &fd_bind[i]) == -1) {
+                   &fd_bind[i], &fd_bind[i]) == -1)
                        logerrorx("socket bind udp");
-                       if (!Debug)
-                               die(0);
-               }
        }
        if ((fd_listen = reallocarray(NULL, nlisten, sizeof(*fd_listen)))
            == NULL)
                err(1, "listen fd");
        for (i = 0; i < nlisten; i++) {
                if (socket_bind("tcp", listen_host[i], listen_port[i], 0,
-                   &fd_listen[i], &fd_listen[i]) == -1) {
+                   &fd_listen[i], &fd_listen[i]) == -1)
                        logerrorx("socket listen tcp");
-                       if (!Debug)
-                               die(0);
-               }
        }
        fd_tls = -1;
        if (tls_host && socket_bind("tls", tls_host, tls_port, 0,
-           &fd_tls, &fd_tls) == -1) {
+           &fd_tls, &fd_tls) == -1)
                logerrorx("socket listen tls");
-               if (!Debug)
-                       die(0);
-       }
 
        if ((fd_unix = reallocarray(NULL, nunix, sizeof(*fd_unix))) == NULL)
                err(1, "malloc unix");
        for (i = 0; i < nunix; i++) {
                fd_unix[i] = unix_socket(path_unix[i], SOCK_DGRAM, 0666);
                if (fd_unix[i] == -1) {
-                       if (i == 0 && !Debug)
-                               die(0);
+                       if (i == 0)
+                               logerrorx("log socket failed");
                        continue;
                }
                double_sockbuf(fd_unix[i], SO_RCVBUF);
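Review bot: In the unix socket loop, only index 0 produces a message, and `logerrorx("log socket failed")` does not say which path failed, so an operator cannot tell from the log which input is missing now that the daemon keeps running. Failures for i > 0 add nothing at this call site; whether unix_socket() reports them itself in every failure case is not visible here. Consider logging for every index with the path in the message, e.g. `snprintf(ebuf, sizeof(ebuf), "log socket %s failed", path_unix[i]);` followed by `logerrorx(ebuf);`, assuming a scratch buffer like the `ebuf` used in socket_bind() is available in main. A short comment such as `/* keep running without this input; other sockets may still work */` would also record why the failure is no longer fatal. The loop body continues past the end of this hunk.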
@@ -554,29 +542,28 @@ main(int argc, char *argv[])
 
        if (socketpair(AF_UNIX, SOCK_DGRAM, PF_UNSPEC, pair) == -1) {
                logerror("socketpair");
-               die(0);
+               fd_sendsys = -1;
+       } else {
+               double_sockbuf(pair[0], SO_RCVBUF);
+               double_sockbuf(pair[1], SO_SNDBUF);
+               fd_sendsys = pair[0];
        }
-       double_sockbuf(pair[0], SO_RCVBUF);
-       double_sockbuf(pair[1], SO_SNDBUF);
-       fd_sendsys = pair[0];
 
        fd_ctlsock = fd_ctlconn = -1;
        if (path_ctlsock != NULL) {
                fd_ctlsock = unix_socket(path_ctlsock, SOCK_STREAM, 0600);
                if (fd_ctlsock == -1) {
                        logdebug("can't open %s (%d)\n", path_ctlsock, errno);
-                       if (!Debug)
-                               die(0);
                } else {
                        if (listen(fd_ctlsock, 5) == -1) {
                                logerror("ctlsock listen");
-                               die(0);
+                               close(fd_ctlsock);
+                               fd_ctlsock = -1;
                        }
                }
        }
 
-       fd_klog = open(_PATH_KLOG, O_RDONLY, 0);
-       if (fd_klog == -1) {
+       if ((fd_klog = open(_PATH_KLOG, O_RDONLY, 0)) == -1) {
                logdebug("can't open %s (%d)\n", _PATH_KLOG, errno);
        } else {
                if (ioctl(fd_klog, LIOCSFD, &pair[1]) == -1)
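Review bot: When socketpair() fails, the new code sets `fd_sendsys = -1` and continues, but the klog branch at the end of this hunk still passes `&pair[1]` to `ioctl(fd_klog, LIOCSFD, ...)`, and nothing visible here gives pair[] a defined value in that case. Guard the registration, e.g. change the `} else {` before the ioctl to `} else if (fd_sendsys != -1) {`, and apply the same condition to any later use or close of pair[1] outside the hunk. Separately, a failure to open the control socket is now reported only through `logdebug(...)`, since the die(0) was removed. If logdebug prints nothing outside debug mode, that failure becomes silent, and `logerror("ctlsock open")` would keep it visible. main continues past this hunk.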
@@ -916,7 +903,7 @@ socket_bind(const char *proto, const cha
                    "proto %s, host %s, port %s: %s",
                    proto, host ? host : "*", port, gai_strerror(error));
                logerrorx(ebuf);
-               die(0);
+               return (-1);
        }
 
        for (res = res0; res; res = res->ai_next) {
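Review bot: The new `return (-1);` on getaddrinfo() failure leaves socket_bind() before the `for (res = res0; ...)` loop, which is presumably where the descriptor out-parameters are filled in. The callers in main pass slots of `fd_bind` and `fd_listen` that come straight from reallocarray(), so unless socket_bind() stores -1 through both pointers before this point, those slots stay indeterminate after a failed lookup. Later code could then treat such a value as an open descriptor. The start of the function is outside this hunk, so please confirm it does something like `*FD_OUT = *FD6_OUT = -1;` at the top (placeholder names, since the real parameter names are not visible here), or add that.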
@@ -3014,7 +3001,7 @@ unix_socket(char *path, int type, mode_t
            sizeof(s_un.sun_path)) {
                snprintf(ebuf, sizeof(ebuf), "socket path too long: %s", path);
                logerrorx(ebuf);
-               die(0);
+               return (-1);
        }
 
        if ((fd = socket(AF_UNIX, type, 0)) == -1) {
