Martin Schulze wrote: > Even worse, syslogd only reads what is provided on /dev/log. > > The socket is world writable, glibc's syslog() function writes > to it, from any program. Restricting its write access to root > would effectively disable syslogging.
syslogd could use getsockopt(SO_PEERCRED) to get a ucred structure and work out the user who has opened /dev/log and include that info in the log somewhere. This would require no special glibc support. If you want generic code to do that on a unix socket (works on linux, and probably freebsd, and possibly other bsd's), I can provide it. Where in the log to put this information without changing the format and breaking a lot of stuff, I do not know. -- see shy jo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
