On Sat, Feb 12, 2011 at 10:56 AM, Otto Moerbeek <o...@drijf.net> wrote:
> On Sat, Feb 12, 2011 at 9:49 AM, Eric <airu...@gmail.com> wrote:
>> I'm making some modifications to syslogd/syslog so that I can control access
>> to log sockets and have a set of high integrity log files that didn't receive logs
>> from world-writable log sockets.  Briefly, this means:
...
> Yes, originally permissions on sockets were not enforced. But creating
> a socket and setting permissions on it is still subject to race
> conditions. So in practice you'll need dirs.

...and directories solve the group ownership too: a new UNIX domain
socket will inherit the group of the directory it's created in.  So
syslogd doesn't need any special code for handling the creation of the
socket, you just need the code to filter based on source socket and
the code to have syslog() go to an alternate socket.

Regarding the latter: if you're intending that this should affect all
programs without any changes to the program themselves, then this will
require much care and verification that it doesn't bloat everything.
Consider that *every* C program on OpenBSD pulls in syslog_r() to
support the stack-protector check code.  If that starts pulling the
NIS code for getgrgid() to do the gid -> name mapping to find the
syslog socket, then many binaries will grow.  That code would _have_
to be excluded from the libc used in ramdisk builds!


Philip Guenther

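The scheme discussed above (restrict access by putting each log socket in a directory with the right mode, and have syslogd attribute messages to the socket they arrived on) as an added, self-contained C example; this is not code from the thread or from OpenBSD's syslogd. It constructs a throwaway directory under /tmp with a world-writable "public" socket directory and a mode 0750 "trusted" one, binds a datagram socket in each, sends to both the way a syslog(3) pointed at an alternate socket would, and shows the receiver tagging each datagram with its source socket. Whether the socket inode inherits the directory's group is reported rather than asserted: that is BSD behaviour, while Linux only does it when the directory has the setgid bit. Directory names, messages and the `run_demo` helper are constructed for this example.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Create dir with dirmode and bind a datagram socket at dir/log.
 * Returns the bound fd or -1; path receives the socket's full path. */
static int bind_log_socket(const char *dir, mode_t dirmode, char *path, size_t pathlen)
{
    struct sockaddr_un sun;
    int fd;

    if (mkdir(dir, dirmode) == -1 && errno != EEXIST)
        return -1;
    if (chmod(dir, dirmode) == -1)          /* umask may have narrowed it */
        return -1;
    if ((size_t)snprintf(path, pathlen, "%s/log", dir) >= pathlen)
        return -1;
    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof sun.sun_path)
        return -1;
    strcpy(sun.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) == -1)
        return -1;
    /* bind(2) creates the socket inode inside dir, so access is governed
     * by the directory: no chown/chmod-after-create race in the daemon. */
    if (bind(fd, (struct sockaddr *)&sun, sizeof sun) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Client side: what syslog(3) aimed at an alternate socket would do. */
static int send_log(const char *path, const char *msg)
{
    struct sockaddr_un sun;
    int fd, rc;

    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof sun.sun_path)
        return -1;
    strcpy(sun.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) == -1)
        return -1;
    rc = sendto(fd, msg, strlen(msg), 0, (struct sockaddr *)&sun, sizeof sun) == -1 ? -1 : 0;
    close(fd);
    return rc;
}

/* Server side: read one datagram and return the index of the socket it
 * arrived on; that index is the "source socket" a filter would key on. */
static int recv_tagged(int fds[2], char *buf, size_t len)
{
    struct pollfd p[2] = { { fds[0], POLLIN, 0 }, { fds[1], POLLIN, 0 } };
    int i;

    if (poll(p, 2, 2000) <= 0)
        return -1;
    for (i = 0; i < 2; i++) {
        if (p[i].revents & POLLIN) {
            ssize_t n = recv(fds[i], buf, len - 1, 0);
            if (n < 0)
                return -1;
            buf[n] = '\0';
            return i;
        }
    }
    return -1;
}

/* 1 if the socket inode carries its directory's group (BSD semantics;
 * Linux only with a setgid directory), 0 if not, -1 on error. */
static int inherits_dir_group(const char *dir, const char *sock)
{
    struct stat sd, ss;
    if (stat(dir, &sd) == -1 || stat(sock, &ss) == -1)
        return -1;
    return sd.st_gid == ss.st_gid;
}

/* Whole scenario; returns 0 when each message is attributed to the right socket. */
int run_demo(void)
{
    char base[40], pubdir[64], trdir[64], pub[108], tr[108], buf[256];
    int fds[2], ok = -1;

    snprintf(base, sizeof base, "/tmp/logdemo.%ld", (long)getpid());  /* constructed */
    if (mkdir(base, 0700) == -1 && errno != EEXIST)
        return -1;
    snprintf(pubdir, sizeof pubdir, "%s/public", base);
    snprintf(trdir, sizeof trdir, "%s/trusted", base);
    fds[0] = bind_log_socket(pubdir, 01777, pub, sizeof pub);  /* anyone may send */
    fds[1] = bind_log_socket(trdir, 0750, tr, sizeof tr);      /* owner and group only */
    if (fds[0] != -1 && fds[1] != -1
        && send_log(tr, "trusted: hello") == 0 && recv_tagged(fds, buf, sizeof buf) == 1
        && send_log(pub, "public: hello") == 0 && recv_tagged(fds, buf, sizeof buf) == 0)
        ok = 0;
    printf("trusted socket inherits dir group: %d\n", inherits_dir_group(trdir, tr));
    close(fds[0]); close(fds[1]);
    unlink(pub); unlink(tr); rmdir(pubdir); rmdir(trdir); rmdir(base);
    return ok;
}

int main(void)
{
    return run_demo() == 0 ? 0 : 1;
}
```

The point of the two-directory layout is that the daemon never touches ownership or mode of the socket itself, which is the race Otto describes; the only per-socket logic left in the receiver is remembering which descriptor a datagram came from, which is what a high-integrity log file would be gated on.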