Your message dated Sat, 11 May 2013 10:05:52 +0000 with message-id <[email protected]> and subject line Bug#707655: Removed package(s) from unstable has caused the Debian Bug report #35325, regarding sysklogd: There should be a way to run sysklogd without root privileges (please revert this NMU) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 35325: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=35325 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: sysklogd Version: 1.3-26 Severity: wishlist Syslogd does not need superuser privileges except for startup. Klogd needs privileges to open /proc/kmsg, but in current kernels (2.0.34, 2.1.107) non-root reading from the file descriptor fails. That should eventually be fixed. This patch implements a new flag, -u user which causes syslogd and klogd to call setuid(user). diff -ru ./klogd.c.orig ./klogd.c --- ./klogd.c.orig Sun Jun 28 23:22:48 1998 +++ ./klogd.c Sun Jun 28 23:26:49 1998 @@ -216,6 +216,7 @@ #include <stdarg.h> #include <paths.h> #include <stdlib.h> +#include <pwd.h> #include "klogd.h" #include "ksyms.h" #include "pidfile.h" @@ -240,7 +241,7 @@ static char *PidFile = "/etc/klogd.pid"; #endif -static int kmsg, +static int kmsg = -1, change_state = 0, terminate = 0, caught_TSTP = 0, @@ -490,7 +491,7 @@ return(kernel); } - if ( (kmsg = open(_PATH_KLOG, O_RDONLY)) < 0 ) + if ( kmsg == -1 && (kmsg = open(_PATH_KLOG, O_RDONLY)) < 0 ) { fprintf(stderr, "klogd: Cannot open proc file system, " \ "%d - %s.\n", errno, strerror(errno)); @@ -878,10 +879,13 @@ auto char *log_level = (char *) 0, *output = (char *) 0; + uid_t uid = 0; + gid_t gid; + struct passwd *pw; chdir ("/"); /* Parse the command-line. */ - while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx")) != EOF) + while ((ch = getopt(argc, argv, "c:df:iIk:nopsu:vx")) != EOF) switch((char)ch) { case 'c': /* Set console message level. */ @@ -915,6 +919,15 @@ case 's': /* Use syscall interface. */ use_syscall = 1; break; + case 'u': + pw = getpwnam(optarg); + if (!pw) { + printf("Bad user name %s\n", optarg); + break; + } + uid = pw->pw_uid; + gid = pw->pw_gid; + break; case 'v': printf("klogd %s-%s\n", VERSION, PATCHLEVEL); exit (1); @@ -1044,6 +1057,11 @@ if (symbol_lookup) { InitKsyms(symfile); InitMsyms(); + } + + if (uid > 0) { + setgid(gid); + setuid(uid); } /* The main loop. */ diff -ru ./syslogd.c.orig ./syslogd.c --- ./syslogd.c.orig Sun Jun 28 23:22:49 1998 +++ ./syslogd.c Tue Jun 23 15:07:01 1998 @@ -400,6 +400,7 @@ #include <arpa/nameser.h> #include <arpa/inet.h> #include <resolv.h> +#include <pwd.h> #include "pidfile.h" #include "version.h" @@ -700,9 +701,12 @@ char line[MAXLINE +1]; extern int optind; extern char *optarg; + uid_t uid = 0; + gid_t gid; + struct passwd *pw; chdir ("/"); - while ((ch = getopt(argc, argv, "dhf:l:m:np:rs:v")) != EOF) + while ((ch = getopt(argc, argv, "dhf:l:m:np:rs:u:v")) != EOF) switch((char)ch) { case 'd': /* debug */ Debug = 1; @@ -741,6 +745,15 @@ } StripDomains = crunch_list(optarg); break; + case 'u': /* user */ + pw = getpwnam(optarg); + if (!pw) { + printf("Bad user name %s\n", optarg); + break; + } + uid = pw->pw_uid; + gid = pw->pw_gid; + break; case 'v': printf("syslogd %s-%s\n", VERSION, PATCHLEVEL); exit (0); @@ -865,6 +878,11 @@ { dprintf("Debugging disabled, SIGUSR1 to turn on debugging.\n"); debugging_on = 0; + } + + if (uid > 0) { + setgid(gid); + setuid(uid); } /* Main loop begins here. */ --- Begin /etc/init.d/sysklogd (modified conffile) test -f /sbin/klogd || exit 0 test -f /sbin/syslogd || exit 0 SYSLOGD="-u syslogd" KLOGD="-u syslogd" case "$1" in start) echo -n "Starting system log daemon: syslogd" start-stop-daemon --start --quiet --exec /sbin/syslogd -- $SYSLOGD echo -n " klogd" start-stop-daemon --start --quiet --exec /sbin/klogd -- $KLOGD echo "." ;; stop) echo -n "Stopping system log daemon: klogd" start-stop-daemon --stop --quiet --pidfile /var/run/klogd.pid echo -n " syslogd" start-stop-daemon --stop --quiet --pidfile /var/run/syslogd.pid echo "." ;; reload|force-reload) start-stop-daemon --stop --quiet --signal 1 --pidfile /var/run/syslogd.pid ;; restart) echo -n "Stopping system log daemon: klogd" start-stop-daemon --stop --quiet --pidfile /var/run/klogd.pid echo " syslogd" start-stop-daemon --stop --quiet --pidfile /var/run/syslogd.pid sleep 1 echo -n "Starting system log daemon: syslogd" start-stop-daemon --start --quiet --exec /sbin/syslogd -- $SYSLOGD echo -n " klogd" start-stop-daemon --start --quiet --exec /sbin/klogd -- $KLOGD echo "." ;; *) echo "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload}" exit 1 esac exit 0 --- End /etc/init.d/sysklogd --- Begin /etc/cron.daily/sysklogd (modified conffile) cd /var/log for LOG in `syslogd-listfiles` do if [ -f $LOG ]; then savelog -g adm -m 640 -u syslogd -c 7 $LOG >/dev/null fi done for LOG in `syslogd-listfiles --auth` do if [ -f $LOG ]; then chown syslogd.adm $LOG chmod o-rwx $LOG fi done /etc/init.d/sysklogd reload --- End /etc/cron.daily/sysklogd --- Begin /etc/cron.weekly/sysklogd (modified conffile) cd /var/log for LOG in `syslogd-listfiles --weekly` do if [ -f $LOG ]; then savelog -g adm -m 640 -u syslogd -c 4 $LOG >/dev/null fi done for LOG in `syslogd-listfiles --auth` do if [ -f $LOG ]; then chown syslogd.adm $LOG chmod o-rwx $LOG fi done /etc/init.d/sysklogd reload --- End /etc/cron.weekly/sysklogd
--- End Message ---
--- Begin Message ---Version: 1.5-6.2+rm Dear submitter, as the package sysklogd has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see http://bugs.debian.org/707655 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]. Debian distribution maintenance software pp. Ansgar Burchardt (the ftpmaster behind the curtain)
--- End Message ---
