infodrom/sysklogd
5 years agoDocument changes master
Joey Schulze [Sat, 4 Oct 2014 19:38:15 +0000 (21:38 +0200)]
Document changes

5 years agoBugfix against minor vulnerability caused by invalid PRI value (CVE-2014-3634)
mancha [Sat, 4 Oct 2014 19:34:41 +0000 (21:34 +0200)]
Bugfix against minor vulnerability caused by invalid PRI value (CVE-2014-3634)

Rainer Gerhards, rsyslog project leader, discovered an issue in rsyslogd
where invalid priority values can trigger DoS and potentially RCE.

As his analysis reveals, the cause of the problem identified in rsyslog's
rsyslogd also exists in sysklogd's syslogd (from which rsyslogd was forked)
and stems from the use of a (LOG_FACMASK|LOG_PRIMASK) mask to detect invalid
priority values.

In sysklogd's syslogd, invalid priority values between 192 and 1023 (directly
or arrived at via overflow wraparound) can propagate through code causing
out-of-bounds access to the f_pmask array within the 'filed' structure by up
to 104 bytes past its end. Though most likely insufficient to reach
unallocated memory because there are around 544 bytes past f_pmask in 'filed'
(mod packing and other differences), incorrect access of fields at higher
positions of the 'filed' structure definition can cause unexpected behavior
including message mis-classification, forwarding issues, message loss,
or other.

This patch imposes a restriction on PRI message parts and requires they
be properly-delimited priority value strings that have non-negative
numerical values not exceeding 191. As before, sysklogd's syslogd permits
zero padding to not break compatibility with RFC-non-compliant loggers that
issue PRIs such as <0091>. Messages without well-formed PRI parts get
logged with priority user.notice (13). (c.f. RFC 3164)

Thanks to Rainer Gerhards for the initial report and analysis.

9 years agoReplace strcpy with memmove to fix continuation line problems
Joey Schulze [Fri, 10 Sep 2010 06:50:59 +0000 (08:50 +0200)]
Replace strcpy with memmove to fix continuation line problems
on 64bit architectures, patch by David Couture.

10 years agoAdjust changelog information
Joey Schulze [Thu, 24 Dec 2009 19:20:49 +0000 (20:20 +0100)]
Adjust changelog information

10 years agoIPv6 support
John Haxby [Mon, 9 Nov 2009 16:15:55 +0000 (16:15 +0000)]
IPv6 support

This patch, apparently, came from the freebsd syslogd.
The patch was subsequently lost although the old Fedora RPM can still
be found.

I took that patch, the current freebsd sources and a dash of salt to
produce a new patch which I have attached.

The patch does two things: it will arrange for syslogd to listen on an
IPv6 socket in addition to the IPv4 socket and it uses getaddrinfo()
and getnameinfo() rather than gethostby[name|addr] and getservbyname.
It would be possible to use a single socket that accepts both IPv6 and
IPv4 datagrams, but this would mean that numeric IPv4 addresses would
be prefixed with ::ffff and this could cause some confusion -- and I'm
also not sure that everything that sysklogd runs on has a dual stack
like that.

I've also introduced the -4, -6 and -A with the same meanings that the
freebsd and rsyslog variants do.

10 years agoDocumentation update
Joey Schulze [Fri, 27 Nov 2009 20:54:06 +0000 (21:54 +0100)]
Documentation update

12 years agoRemove faulty fclose() call. Thanks to Andrea Morandi and Sean Young.
Joey Schulze [Fri, 4 Jul 2008 14:48:42 +0000 (14:48 +0000)]
Remove faulty fclose() call.  Thanks to Andrea Morandi and Sean Young.

12 years agoAdjust indention
Joey Schulze [Sun, 11 May 2008 17:05:24 +0000 (17:05 +0000)]
Adjust indention

12 years agoCorrect logic: flush log files independed of MARK
Joey Schulze [Sun, 11 May 2008 17:04:18 +0000 (17:04 +0000)]
Correct logic: flush log files independed of MARK

12 years agoCorrect calculation
Joey Schulze [Sun, 11 May 2008 17:03:39 +0000 (17:03 +0000)]
Correct calculation

12 years agoDocument "don't output marks to recently written files"
Joey Schulze [Sun, 11 May 2008 16:57:41 +0000 (16:57 +0000)]
Document "don't output marks to recently written files"

12 years agoAdded missing changelog entry
Joey Schulze [Thu, 8 May 2008 19:43:09 +0000 (19:43 +0000)]
Added missing changelog entry

12 years agoCode reorganisation: make sure that the service name is only queried
Joey Schulze [Wed, 7 May 2008 21:00:39 +0000 (21:00 +0000)]
Code reorganisation: make sure that the service name is only queried
when it is needed, i.e. when we are sending to or receiving from the
network

12 years agoThomas Jarosch: Move hostname setting code from main() into init()
Joey Schulze [Sat, 10 Nov 2007 19:01:48 +0000 (19:01 +0000)]
Thomas Jarosch: Move hostname setting code from main() into init()

12 years agoImproved sleep/alarm/mark implementation by
Joey Schulze [Mon, 8 Oct 2007 15:24:06 +0000 (15:24 +0000)]
Improved sleep/alarm/mark implementation by
Alan Jenkins <alan-jenkins@tuffmail.co.uk>

12 years agoAdjusted indention
Joey Schulze [Mon, 8 Oct 2007 09:43:48 +0000 (09:43 +0000)]
Adjusted indention

12 years agoUntypo
Joey Schulze [Sun, 29 Jul 2007 17:37:07 +0000 (17:37 +0000)]
Untypo

13 years agoPrevent pipes from becoming the controlling tty release-1.5.0
Joey Schulze [Wed, 4 Jul 2007 19:04:02 +0000 (19:04 +0000)]
Prevent pipes from becoming the controlling tty

13 years agoReverted patch by Andreas Barth since it caused problems with opening the pipe
Joey Schulze [Wed, 4 Jul 2007 19:00:09 +0000 (19:00 +0000)]
Reverted patch by Andreas Barth since it caused problems with opening the pipe

13 years agoUntypo
Joey Schulze [Wed, 4 Jul 2007 17:36:05 +0000 (17:36 +0000)]
Untypo

13 years agoPreparation for version 1.5
Joey Schulze [Wed, 4 Jul 2007 17:35:22 +0000 (17:35 +0000)]
Preparation for version 1.5

13 years agoUpdated the changelog/documentation
Joey Schulze [Thu, 21 Jun 2007 08:22:59 +0000 (08:22 +0000)]
Updated the changelog/documentation

13 years agoAdjusted the search function to find the symbol associated with an
Joey Schulze [Mon, 18 Jun 2007 07:50:55 +0000 (07:50 +0000)]
Adjusted the search function to find the symbol associated with an
address when EIP address resolving is enabled.

13 years agoBeautification of the output
Joey Schulze [Sun, 17 Jun 2007 19:21:55 +0000 (19:21 +0000)]
Beautification of the output

13 years agoImproved condition
Joey Schulze [Sat, 2 Jun 2007 19:08:52 +0000 (19:08 +0000)]
Improved condition

13 years agoWe need to read all symbols
Joey Schulze [Sat, 2 Jun 2007 19:04:38 +0000 (19:04 +0000)]
We need to read all symbols

13 years agoImproved symbol lookup, since symbols are spread over the entire
Joey Schulze [Thu, 31 May 2007 15:23:42 +0000 (15:23 +0000)]
Improved symbol lookup, since symbols are spread over the entire
address space.  Return the symbol that fits best instead of the first hit.

13 years agoOnly read kernel symbols from /proc/kallsyms if no System.map has been read
Joey Schulze [Thu, 31 May 2007 14:52:20 +0000 (14:52 +0000)]
Only read kernel symbols from /proc/kallsyms if no System.map has been read

13 years agoFormatting & untypo
Joey Schulze [Wed, 30 May 2007 18:46:09 +0000 (18:46 +0000)]
Formatting & untypo

13 years agoCorrection to build tsyslogd again
Joey Schulze [Wed, 30 May 2007 15:43:45 +0000 (15:43 +0000)]
Correction to build tsyslogd again

13 years agoBuild the new oops module with the kernel build system
Joey Schulze [Wed, 30 May 2007 15:28:48 +0000 (15:28 +0000)]
Build the new oops module with the kernel build system

13 years agoComplete rewrite of the oops kernel module for Linux 2.6
Joey Schulze [Wed, 30 May 2007 15:27:13 +0000 (15:27 +0000)]
Complete rewrite of the oops kernel module for Linux 2.6

13 years agoFile not needed anymroe
Joey Schulze [Wed, 30 May 2007 15:26:09 +0000 (15:26 +0000)]
File not needed anymroe

13 years agoUse SKFLAGS instead of CFLAGS due to a conflict with the kernel build system
Joey Schulze [Wed, 30 May 2007 15:24:27 +0000 (15:24 +0000)]
Use SKFLAGS instead of CFLAGS due to a conflict with the kernel build system

13 years agoUntypo
Joey Schulze [Wed, 30 May 2007 10:26:51 +0000 (10:26 +0000)]
Untypo

13 years agoNotify the waiting parent process if the client dies to it doesn't
Joey Schulze [Mon, 28 May 2007 17:45:43 +0000 (17:45 +0000)]
Notify the waiting parent process if the client dies to it doesn't
wait the entire five minutes.

13 years agoImprovements
Joey Schulze [Mon, 28 May 2007 17:25:43 +0000 (17:25 +0000)]
Improvements

13 years agoSpelling and other improvements, many of them from James R. Van Zandt
Joey Schulze [Mon, 28 May 2007 17:24:21 +0000 (17:24 +0000)]
Spelling and other improvements, many of them from James R. Van Zandt

13 years agoPatch by Andreas Barth: Prevent pipes from becoming the controlling tty
Joey Schulze [Mon, 28 May 2007 17:02:06 +0000 (17:02 +0000)]
Patch by Andreas Barth: Prevent pipes from becoming the controlling tty

13 years agoPatch by Matthew Fischer: Remove special treatment of the percent sign
Joey Schulze [Mon, 28 May 2007 16:08:32 +0000 (16:08 +0000)]
Patch by Matthew Fischer: Remove special treatment of the percent sign

13 years agoAdded missing dependencies
Joey Schulze [Mon, 28 May 2007 15:26:23 +0000 (15:26 +0000)]
Added missing dependencies

13 years agoMoved structs to module.h
Joey Schulze [Mon, 28 May 2007 15:26:09 +0000 (15:26 +0000)]
Moved structs to module.h

13 years agoRemoved several structs not used anymore.
Joey Schulze [Mon, 28 May 2007 15:24:57 +0000 (15:24 +0000)]
Removed several structs not used anymore.
Moved structs from ksym_mod.c over here.

13 years agoReturn of the symbols.
Joey Schulze [Mon, 28 May 2007 15:24:33 +0000 (15:24 +0000)]
Return of the symbols.

Linux 2.6 exports its symbols in /proc/kallsyms and does not implement
query_module() anymore.  Thus, the entire scanner has been overhauled.

13 years agoAdded back /usr/src/linux/System.map as fall-back location
Joey Schulze [Mon, 28 May 2007 06:28:37 +0000 (06:28 +0000)]
Added back /usr/src/linux/System.map as fall-back location

13 years agoUpdated address and copyright, shortened AUTHORS section
Joey Schulze [Sun, 27 May 2007 12:16:17 +0000 (12:16 +0000)]
Updated address and copyright, shortened AUTHORS section

13 years agoRemoved superflous newlines
Joey Schulze [Sun, 27 May 2007 12:08:51 +0000 (12:08 +0000)]
Removed superflous newlines

13 years agoMoved the documentation of the console log level into its own section
Joey Schulze [Sun, 27 May 2007 12:05:25 +0000 (12:05 +0000)]
Moved the documentation of the console log level into its own section

13 years agoDon't fiddle with the console log level anymore
Joey Schulze [Sun, 27 May 2007 12:05:01 +0000 (12:05 +0000)]
Don't fiddle with the console log level anymore

13 years agoUse ssize_t and reduced code where appropriate
Joey Schulze [Sat, 26 May 2007 18:44:42 +0000 (18:44 +0000)]
Use ssize_t and reduced code where appropriate

13 years agoImproved daemonise routine to stabilise startup
Joey Schulze [Sat, 26 May 2007 14:37:43 +0000 (14:37 +0000)]
Improved daemonise routine to stabilise startup

13 years agoLog message
Joey Schulze [Sat, 26 May 2007 10:45:55 +0000 (10:45 +0000)]
Log message

13 years agoLog message
Joey Schulze [Sat, 26 May 2007 10:30:46 +0000 (10:30 +0000)]
Log message

13 years agoProperly accompany the MARK message with the facility
Joey Schulze [Sat, 26 May 2007 10:22:34 +0000 (10:22 +0000)]
Properly accompany the MARK message with the facility

13 years agoOnly try to gather the local domain name when messages are received
Joey Schulze [Sat, 26 May 2007 08:05:05 +0000 (08:05 +0000)]
Only try to gather the local domain name when messages are received
from the network, it's not needed otherwise.

13 years agoRemoved test to detect control characters > 0x20 as this prevented
Joey Schulze [Sat, 26 May 2007 07:11:45 +0000 (07:11 +0000)]
Removed test to detect control characters > 0x20 as this prevented
characters encoded in UTF-8 to be properly passed through.  This
prevented a security-related patch by Solar Designer (1.29).

References:
  Debian Bug#315605 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315605>
  RedHat Bug#89292  <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=89292>

13 years agoReset the signal handler in the child
Joey Schulze [Fri, 25 May 2007 18:47:21 +0000 (18:47 +0000)]
Reset the signal handler in the child

13 years agoImproved query_module calls and unified code against former version (1.12)
Joey Schulze [Fri, 25 May 2007 18:07:24 +0000 (18:07 +0000)]
Improved query_module calls and unified code against former version (1.12)

13 years agoAdded missing defines and a prototype so that the code compiles.
Joey Schulze [Fri, 25 May 2007 18:01:26 +0000 (18:01 +0000)]
Added missing defines and a prototype so that the code compiles.
Removed old code that is neither supported nor working anymore

13 years agoConversion to file coding style
Joey Schulze [Fri, 25 May 2007 17:47:46 +0000 (17:47 +0000)]
Conversion to file coding style

13 years agoPatch by Kelledin to use the newer query_module function rather than
Joey Schulze [Fri, 25 May 2007 17:47:16 +0000 (17:47 +0000)]
Patch by Kelledin to use the newer query_module function rather than
the old obsolete hack of stepping thru /dev/kmem.

13 years agoAdded missing dependency to ksyms.h for ksym_mod.c
Joey Schulze [Thu, 24 May 2007 17:48:44 +0000 (17:48 +0000)]
Added missing dependency to ksyms.h for ksym_mod.c

13 years agoAdded missing dependency to module.h for ksym_mod.c
Joey Schulze [Thu, 24 May 2007 17:29:16 +0000 (17:29 +0000)]
Added missing dependency to module.h for ksym_mod.c

13 years agoAdded missing newline
Joey Schulze [Thu, 24 May 2007 14:46:45 +0000 (14:46 +0000)]
Added missing newline

13 years agoFormatting
Joey Schulze [Thu, 24 May 2007 14:07:10 +0000 (14:07 +0000)]
Formatting

13 years agoRemove SO_BSDCOMPAT since it was only support by Linux 2.0 and 2.2,
Joey Schulze [Thu, 24 May 2007 14:04:22 +0000 (14:04 +0000)]
Remove SO_BSDCOMPAT since it was only support by Linux 2.0 and 2.2,
ignored in 2.4 and emitted a warning in 2.6

13 years agoPatch by Mike Frysinger: use socklen_t where appropriate
Joey Schulze [Thu, 24 May 2007 13:56:04 +0000 (13:56 +0000)]
Patch by Mike Frysinger: use socklen_t where appropriate

13 years agoWhen writing log files ignore errors caused by filled up disks so that
Joey Schulze [Thu, 24 May 2007 13:28:18 +0000 (13:28 +0000)]
When writing log files ignore errors caused by filled up disks so that
the log continues to be written as soon as space becomes available again.

13 years agoSpelling fix
Joey Schulze [Mon, 21 May 2007 16:27:39 +0000 (16:27 +0000)]
Spelling fix

13 years agoEscape hyphens
Joey Schulze [Mon, 21 May 2007 16:26:40 +0000 (16:26 +0000)]
Escape hyphens

13 years agoOnly play with the network when the syslog port can be determined.
Joey Schulze [Mon, 21 May 2007 11:00:35 +0000 (11:00 +0000)]
Only play with the network when the syslog port can be determined.
Ignore networking otherwise, but continue working. (Debian Bug#226611)

13 years agoSpelling improvements
Joey Schulze [Sun, 20 May 2007 18:21:15 +0000 (18:21 +0000)]
Spelling improvements

13 years agoPhrasing improvements
Joey Schulze [Sun, 20 May 2007 17:45:59 +0000 (17:45 +0000)]
Phrasing improvements

13 years agoPhrasing correction
Joey Schulze [Sun, 20 May 2007 17:41:01 +0000 (17:41 +0000)]
Phrasing correction

13 years agoPhrasing correction
Joey Schulze [Sun, 20 May 2007 17:40:35 +0000 (17:40 +0000)]
Phrasing correction

13 years agoAdjusted the date
Joey Schulze [Sun, 3 Dec 2006 12:21:37 +0000 (12:21 +0000)]
Adjusted the date

13 years agoAdjusted the date
Joey Schulze [Sun, 3 Dec 2006 12:15:21 +0000 (12:15 +0000)]
Adjusted the date

13 years agoExplanation added by Eric Tucker
Joey Schulze [Thu, 30 Nov 2006 07:59:45 +0000 (07:59 +0000)]
Explanation added by Eric Tucker

13 years agoCorrected typo in syslog.conf(5)
Joey Schulze [Thu, 28 Sep 2006 18:43:36 +0000 (18:43 +0000)]
Corrected typo in syslog.conf(5)

13 years agoProperly use format strings
Joey Schulze [Mon, 18 Sep 2006 09:56:13 +0000 (09:56 +0000)]
Properly use format strings

14 years agoAdded a description of system log level and link to sysctl(8)
Joey Schulze [Thu, 25 May 2006 08:11:49 +0000 (08:11 +0000)]
Added a description of system log level and link to sysctl(8)

14 years agoReset the 'restart' flag immediately after entering the restart code,
Joey Schulze [Thu, 25 May 2006 07:49:54 +0000 (07:49 +0000)]
Reset the 'restart' flag immediately after entering the restart code,
so that subsequent SIGHUPs are able to set it again and cause a new
restart.  This fixes a race condition when somebody sends tons of HUP
signals.

14 years agoRemoved asm/atomic.h since it is not needed anymore.
Joey Schulze [Thu, 25 May 2006 07:15:57 +0000 (07:15 +0000)]
Removed asm/atomic.h since it is not needed anymore.

14 years agoMore LFS options as comments
Joey Schulze [Thu, 25 May 2006 07:12:44 +0000 (07:12 +0000)]
More LFS options as comments

15 years agoApplied adjusted patch by Miquel van Smoorenburg to fix spurious
Joey Schulze [Wed, 25 May 2005 18:08:30 +0000 (18:08 +0000)]
Applied adjusted patch by Miquel van Smoorenburg to fix spurious
hanging syslogd in connection with futex and NPTL introduced in recent
glibc versions and Linux 2.6 (details: http://bugs.debian.org/301511)

15 years agoAdded the date
Joey Schulze [Fri, 11 Mar 2005 16:12:09 +0000 (16:12 +0000)]
Added the date

15 years agoAdded a note to sysctl(8) for setting the console level
Joey Schulze [Fri, 11 Mar 2005 16:11:26 +0000 (16:11 +0000)]
Added a note to sysctl(8) for setting the console level

15 years agoUpdated changes file
Joey Schulze [Sat, 15 Jan 2005 19:14:21 +0000 (19:14 +0000)]
Updated changes file

15 years agoApplied patch by Dirk Mueller <mueller@kde.org> to prevent syslogd
Joey Schulze [Sat, 15 Jan 2005 19:13:08 +0000 (19:13 +0000)]
Applied patch by Dirk Mueller <mueller@kde.org> to prevent syslogd
from crashing when the log file can't grow anymore (e.g. with 2GB
without LargeFileSupport)

15 years agoRemove trailing newline from forwarded messages. This would be turned
Joey Schulze [Sun, 7 Nov 2004 12:52:30 +0000 (12:52 +0000)]
Remove trailing newline from forwarded messages.  This would be turned
into a whitespace by the receiving syslogd and doesn't seem to be
required anyway.

15 years agoDiscard any timestamp information found in received syslog messages.
Joey Schulze [Sun, 7 Nov 2004 11:38:44 +0000 (11:38 +0000)]
Discard any timestamp information found in received syslog messages.
This will affect local messages sent from a different timezone.  Also
removed code due to the changed semantics.  This was inspired by
Anders Henke from Schlund + Partner AG.

15 years agoColin Phipps <cph@cph.demon.co.uk>: Don't block on the network socket,
Joey Schulze [Tue, 2 Nov 2004 19:30:30 +0000 (19:30 +0000)]
Colin Phipps <cph@cph.demon.co.uk>: Don't block on the network socket,
in case a packet gets lost between select and recv. (Debian Bug#275578)

15 years agoRemoved atomic_t in the usecount field of the module struct for
Joey Schulze [Tue, 27 Jul 2004 11:36:10 +0000 (11:36 +0000)]
Removed atomic_t in the usecount field of the module struct for
compatibility reasons, since atomic_t is not defined in <asm/atomic.h>
on all architectures.

15 years agoUlf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>
Joey Schulze [Fri, 16 Jul 2004 06:48:27 +0000 (06:48 +0000)]
Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>

Added boundary check for fscanf() in InitKsyms() and CheckMapVersion()
to prevent an unintended crash when reading an incorrect System.map.

Hello,

I have discovered a potential crash bug in sysklogd. The klogd daemon
doesn't handle really malformed System.map files very well. It has
two fscanf() calls with "%s"format strings that stores to char
sym[512] arrays. This causes a crash if the string field in the
file is longer than that.

Despite being a buffer overflow, this is not a security problem, as
only root can change the System.map file. Nevertheless, I think it
is worth fixing, as the Right Thing for a program should be not to
assume anything about its input and to handle various problems well.

16 years agoDocumentation improvement
Joey Schulze [Fri, 9 Jul 2004 17:33:32 +0000 (17:33 +0000)]
Documentation improvement

16 years agoDocumentation improvements by Greg Trounson <gregt@maths.otago.ac.nz>
Joey Schulze [Fri, 9 Jul 2004 17:22:29 +0000 (17:22 +0000)]
Documentation improvements by Greg Trounson <gregt@maths.otago.ac.nz>

16 years agoAdjust the size of a variable to prevent a buffer overflow
Joey Schulze [Tue, 4 May 2004 14:52:56 +0000 (14:52 +0000)]
Adjust the size of a variable to prevent a buffer overflow
should _PATH_DEV ever contain something different than "/dev/".

16 years agoMinor corrections
Joey Schulze [Tue, 4 May 2004 14:50:18 +0000 (14:50 +0000)]
Minor corrections

16 years agoPatch: sysklogd-1.4.1-owl-longjmp.diff from Openwall
Joey Schulze [Tue, 4 May 2004 14:49:23 +0000 (14:49 +0000)]
Patch: sysklogd-1.4.1-owl-longjmp.diff from Openwall
From: Solar Designer <solar@openwall.com>

1. Ensures that "len" is not placed in a register and as such can't be
clobbered by longjmp().  With the particular code, it does not really
matter whether it is clobbered or not, but this avoids the gcc warning.

2. Makes endtty() the signal handler only after the variable that
function uses is initialized.  In the original code, the signal
handler was setup too early and if there would be SIGALRM before
control reaches setjmp(), syslogd would segfault (if not worse).

Basically, this is a minor correctness patch.

16 years agoPatch by Dmitry V. Levin <ldv@altlinux.org>
Joey Schulze [Thu, 29 Apr 2004 16:10:10 +0000 (16:10 +0000)]
Patch by Dmitry V. Levin <ldv@altlinux.org>

  Close file descriptor in FindSymbolFile() in order not to leak file
  descriptors.