Protect against local flooder of /var/run/log. Do not loop forever in

syslog(3) if we are a priveleged program (sshd, su, etc.).

- Make syslogd open an additional socket /var/run/logpriv, with 0600
  permissions.
- In libc, try to use this socket.
- Do not loop forever if we are using this socket (partial backout of 1.31)

Reviewed by:	dwmalone, Andrea Campi <andrea webcom it>
Approved by:	julian (mentor)
MFC after:	1 month

1 files changed, 7 insertions, 2 deletions

diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8
index 2e276bd..5514fd5 100644
--- a/usr.sbin/syslogd/syslogd.8
+++ b/usr.sbin/syslogd/syslogd.8
@@ -250,8 +250,10 @@ The
 .Nm
 utility reads messages from the
 .Ux
-domain socket
-.Pa /var/run/log ,
+domain sockets
+.Pa /var/run/log
+and
+.Pa /var/run/logpriv ,
 from an Internet domain socket specified in
 .Pa /etc/services ,
 and from the special device
@@ -293,6 +295,9 @@ default process ID file
 name of the
 .Ux
 domain datagram log socket
+.It Pa /var/run/logpriv
+.Ux
+socket for priveleged applications
 .It Pa /dev/klog
 kernel log device
 .El