diff options
author | glebius <glebius@FreeBSD.org> | 2004-11-04 23:09:57 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2004-11-04 23:09:57 +0000 |
commit | dfc6a366e7b882f80c120f4c99900e60c89ca279 (patch) | |
tree | 13d68b1840b739aaaa64351fb83f58c68c26472e /usr.sbin/syslogd/syslogd.8 | |
parent | 76ec624d7493ab72c8ed404fad83c31125ee70f8 (diff) | |
download | FreeBSD-src-dfc6a366e7b882f80c120f4c99900e60c89ca279.zip FreeBSD-src-dfc6a366e7b882f80c120f4c99900e60c89ca279.tar.gz |
Protect against local flooder of /var/run/log. Do not loop forever in
syslog(3) if we are a priveleged program (sshd, su, etc.).
- Make syslogd open an additional socket /var/run/logpriv, with 0600
permissions.
- In libc, try to use this socket.
- Do not loop forever if we are using this socket (partial backout of 1.31)
Reviewed by: dwmalone, Andrea Campi <andrea webcom it>
Approved by: julian (mentor)
MFC after: 1 month
Diffstat (limited to 'usr.sbin/syslogd/syslogd.8')
-rw-r--r-- | usr.sbin/syslogd/syslogd.8 | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8 index 2e276bd..5514fd5 100644 --- a/usr.sbin/syslogd/syslogd.8 +++ b/usr.sbin/syslogd/syslogd.8 @@ -250,8 +250,10 @@ The .Nm utility reads messages from the .Ux -domain socket -.Pa /var/run/log , +domain sockets +.Pa /var/run/log +and +.Pa /var/run/logpriv , from an Internet domain socket specified in .Pa /etc/services , and from the special device @@ -293,6 +295,9 @@ default process ID file name of the .Ux domain datagram log socket +.It Pa /var/run/logpriv +.Ux +socket for priveleged applications .It Pa /dev/klog kernel log device .El |