Hi, As discussed with millert@ a while ago, syslogd(8) should keep running as long as possible.
On Sun, Jan 01, 2017 at 09:05:58PM +0100, Alexander Bluhm wrote: > Regular programs should die as early as possible when an error > occurs, then it can be fixed. But syslogd is special. If it dies, > you become blind and don't see any errors at all. An attacker could > exploit this. So I think syslogd should exit during startup e.g. > if an invalid option was specified. But then it should just log > errors and run as many subsystems as possible. ok? bluhm Index: usr.sbin/syslogd/syslogd.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.230 diff -u -p -r1.230 syslogd.c --- usr.sbin/syslogd/syslogd.c 16 Mar 2017 23:55:19 -0000 1.230 +++ usr.sbin/syslogd/syslogd.c 17 Mar 2017 01:32:19 -0000 @@ -506,47 +506,35 @@ main(int argc, char *argv[]) } if (socket_bind("udp", NULL, "syslog", SecureMode, - &fd_udp, &fd_udp6) == -1) { + &fd_udp, &fd_udp6) == -1) logerrorx("socket bind *"); - if (!Debug) - die(0); - } if ((fd_bind = reallocarray(NULL, nbind, sizeof(*fd_bind))) == NULL) err(1, "bind fd"); for (i = 0; i < nbind; i++) { if (socket_bind("udp", bind_host[i], bind_port[i], 0, - &fd_bind[i], &fd_bind[i]) == -1) { + &fd_bind[i], &fd_bind[i]) == -1) logerrorx("socket bind udp"); - if (!Debug) - die(0); - } } if ((fd_listen = reallocarray(NULL, nlisten, sizeof(*fd_listen))) == NULL) err(1, "listen fd"); for (i = 0; i < nlisten; i++) { if (socket_bind("tcp", listen_host[i], listen_port[i], 0, - &fd_listen[i], &fd_listen[i]) == -1) { + &fd_listen[i], &fd_listen[i]) == -1) logerrorx("socket listen tcp"); - if (!Debug) - die(0); - } } fd_tls = -1; if (tls_host && socket_bind("tls", tls_host, tls_port, 0, - &fd_tls, &fd_tls) == -1) { + &fd_tls, &fd_tls) == -1) logerrorx("socket listen tls"); - if (!Debug) - die(0); - } if ((fd_unix = reallocarray(NULL, nunix, sizeof(*fd_unix))) == NULL) err(1, "malloc unix"); for (i = 0; i < nunix; i++) { fd_unix[i] = unix_socket(path_unix[i], SOCK_DGRAM, 0666); if (fd_unix[i] == -1) { - if (i == 0 && !Debug) - die(0); + if (i == 0) + logerrorx("log socket failed"); continue; } double_sockbuf(fd_unix[i], SO_RCVBUF); @@ -554,29 +542,28 @@ main(int argc, char *argv[]) if (socketpair(AF_UNIX, SOCK_DGRAM, PF_UNSPEC, pair) == -1) { logerror("socketpair"); - die(0); + fd_sendsys = -1; + } else { + double_sockbuf(pair[0], SO_RCVBUF); + double_sockbuf(pair[1], SO_SNDBUF); + fd_sendsys = pair[0]; } - double_sockbuf(pair[0], SO_RCVBUF); - double_sockbuf(pair[1], SO_SNDBUF); - fd_sendsys = pair[0]; fd_ctlsock = fd_ctlconn = -1; if (path_ctlsock != NULL) { fd_ctlsock = unix_socket(path_ctlsock, SOCK_STREAM, 0600); if (fd_ctlsock == -1) { logdebug("can't open %s (%d)\n", path_ctlsock, errno); - if (!Debug) - die(0); } else { if (listen(fd_ctlsock, 5) == -1) { logerror("ctlsock listen"); - die(0); + close(fd_ctlsock); + fd_ctlsock = -1; } } } - fd_klog = open(_PATH_KLOG, O_RDONLY, 0); - if (fd_klog == -1) { + if ((fd_klog = open(_PATH_KLOG, O_RDONLY, 0)) == -1) { logdebug("can't open %s (%d)\n", _PATH_KLOG, errno); } else { if (ioctl(fd_klog, LIOCSFD, &pair[1]) == -1) @@ -916,7 +903,7 @@ socket_bind(const char *proto, const cha "proto %s, host %s, port %s: %s", proto, host ? host : "*", port, gai_strerror(error)); logerrorx(ebuf); - die(0); + return (-1); } for (res = res0; res; res = res->ai_next) { @@ -3014,7 +3001,7 @@ unix_socket(char *path, int type, mode_t sizeof(s_un.sun_path)) { snprintf(ebuf, sizeof(ebuf), "socket path too long: %s", path); logerrorx(ebuf); - die(0); + return (-1); } if ((fd = socket(AF_UNIX, type, 0)) == -1) {