| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Do not leak syslog_mutex on cancellation.
Approved by: re (marius)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In r228193 the test of CONNPRIV have been moved to before the _usleep
and send in vsyslog(). When syslogd restarts, this would prevent the
message being logged after the disconnect/connect dance for
scenario #1.
PR: 194751
Submitted by: Peter Creath <pjcreath+freebsd gmail com>
Reviewed By: glebius
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D1227
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This fixes a race condition where another thread may fork() before CLOEXEC
is set, unintentionally passing the descriptor to the child process.
This commit only adds O_CLOEXEC flags to open() or openat() calls where no
fcntl(fd, F_SETFD, FD_CLOEXEC) follows. The separate fcntl() call still
leaves a race window so it should be fixed later.
|
| |
|
|
|
|
|
|
|
| |
The use of assertions in libraries is not widely accepted.
Requested by: bde, scottl
Approved by: cperciva
MFC after: 3 days
X-MFC-With: r237286
|
| |
|
|
|
|
|
|
|
|
| |
Add a sanity check for the validity of the passed fd.
PR: kern/139080 [1]
Submitted by: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua> [1]
Reviewed by: pjd (briefly)
Approved by: cperciva
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
vs. the comment documented "If we are working with a privileged socket,
then take only one attempt". Make the code match.
Furthermore, critical privileged applications that [over] log a vast amount
can look like a DoS to this code. Given it's unlikely the single reattempted
send() will succeeded, avoid usurping the scheduler in a library API for a
single non-critical facility in critical applications.
Obtained from: Juniper Networks
Discussed with: glebius
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
|
| |
clause.
# If I've done so improperly on a file, please let me know.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The symptom is that syslog() fails to log anything but the "ident"
string if LOG_PERROR is specified to openlog(3) and the extensible
printf is in action.
For unclear, likely quaint historical reasons, syslog uses fwopen()
on a stack buffer, rather than using the more straightforward
and faster snprintf().
Along the way, fflush(3) is called, and since the callback writer
function returns zero instead of the length "written", __SERR
naturally gets set on the filedescriptor.
The extensible printf, in difference from the normal printf refuses
to output anything to an __SERR marked filedescriptor, and thus
the actual syslog message is supressed.
MFC: after 2 weeks
|
| |
|
|
| |
may change errno unexpectly.
|
| |
|
|
|
| |
Prior to this it was calling the cancellable usleep() while holding
a lock.
|
| | |
|
| |
|
|
|
|
|
| |
PR: bin/72394
Submitted by: Dan Nelson
Reviewed by: deischen
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
| |
failed, not always.
PR: bin/75356
Submitted by: Mark Knight <markk knigma org>
Pointy hat to: glebius
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
syslog(3) if we are a priveleged program (sshd, su, etc.).
- Make syslogd open an additional socket /var/run/logpriv, with 0600
permissions.
- In libc, try to use this socket.
- Do not loop forever if we are using this socket (partial backout of 1.31)
Reviewed by: dwmalone, Andrea Campi <andrea webcom it>
Approved by: julian (mentor)
MFC after: 1 month
|
| |
|
|
|
|
|
|
|
|
| |
This fixes a case, when DoSed syslogd completely loses messages.
PR: bin/72366
Discussed with: dwmalone, millert@OpenBSD.org
Approved by: julian (mentor)
Obtained from: OpenBSD (rev. 1.17, 1.21 by millert)
MFC after: 3 months
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
"A trailing newline is added if none is present."
The code in syslogd, stderr, and console output always adds a newline
at the EOL. However, the existing code never actually removed a
trailing newline, and apparently relied on syslogd to convert it
into a space character. Thus, the existing newline was converted
to a trailing space at the EOL by syslogd, while stderr, and console
output resulted in an empty line.
MFC after: 2 weeks
|
| |
|
|
|
| |
the %m into the errno and then vfprintf would expand the % and the first
character of the strerror(3) return causing possible data corruption.
|
| |
|
|
|
|
|
|
|
|
|
| |
caused by dynamic PAM modules that call openlog(3) and closelog(3),
e.g. ports/security/pam_pwdfile.
What happened here is that the module first registered its "ident"
with openlog(3), then PAM library unloaded module with dlclose(3),
and the next call to syslog(3) resulted in SIGSEGV.
MFC after: 3 days
|
| |
|
|
| |
Submitted by: keramida
|
| |
|
|
|
|
| |
Also, make an internal _getprogname() that is used only inside
libc. For libc, getprogname(3) is a weak symbol in case a
function of the same name is defined in userland.
|
| |
|
|
|
|
|
|
|
|
|
| |
to the console in a final attempt to log something. Make this final
attempt non-blocking so that a blocking console doesn't end up
blocking process which attempt to syslog something.
In particular, this means you should be able to su and fix the
problem if the console becomes blocking.
MFC after: 3 weeks
|
| |
|
|
|
| |
* Remove 'register'. (some functions had 7+ register functions...)
* Fix SCM ID's.
|
| |
|
|
|
|
|
|
| |
clobber a ctime buffer which is passed in.
PR: 34022
Submitted by: Hartmut Brandt <brandt@fokus.gmd.de>
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.
Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo
Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.
Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.
Remove uneeded includes of <errno.h> from a few files.
Add $FreeBSD$ to a few files in order to pass commitprep.
Approved by: -arch
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
just use _foo() <-- foo(). In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate. In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().
Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().
Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().
Make thread cancellation fully POSIX-compliant.
Suggested by: deischen
|
| |
|
|
|
|
| |
points. For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep(). The arrows represent weak aliases. For
system calls, the pattern is _read() <-- _libc_read() <-- read().
|
| | |
|
| |
|
|
| |
Pointed out by: bde
|
| | |
|
| |
|
|
| |
Pointed out by: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
|
| |
|
|
| |
Suggested by: Theo de Raadt <deraadt@openbsd.org>
|
| |
|
|
|
| |
This wasn't a problem in practice as PATH_LOG and PATH_OLDLOG
are both < sizeof sockaddr::sa_data.
|
| |
|
|
|
|
|
|
| |
modern FreeBSD systems will syslog properly on older systems that
still name the logging socket "/dev/log". This includes pre-2.2
versions of FreeBSD as well as BSD/OS systems. If the connect to
"/var/run/log" fails, the function now tries to connect to
"/dev/log" as a fallback.
|
| |
|
|
|
| |
filesystem include updates, duplicate group suppression, cleanups,
filesystem whiteout support (unionfs), bidir popen().
|
| | |
|
| |
|
|
|
|
|
|
| |
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
|
| |
|
|
| |
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
|
| |
|
|
|
|
|
|
| |
reconnect once using the saved openlog() parameters.
This helps one of the system startup race conditions. If syslogd takes too
long to get going, some daemons can fail the connection and forever log
to the console even though the syslogd is running. That is ..unfortunate..
|
| | |
|
| |
|
|
| |
fair bit. I forgot to add it when I made the fixes some time ago.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
What was happening, is if syslogd was not running, syslog() would do
a strcat("\r\n") on a non-null-terminated buffer, and write it to the console.
This meant that sometimes extra characters could be written to the console
during boot, depending on the stack contents.
This totally avoids the potential problem by using writev() like the rest
of the does, and avoid modifying the buffer after the trouble we've gone to
to carefully protect it.
This is actually a trivial fix, in spite of the long commit message.. :-)
It only appeared during boot and shutdown with syslogd stopped.
|
| |
|
|
|
|
|
|
| |
control hooks.
It is similar to an unrolled multi-part snprintf(), in that a "FILE *" is
attached to a string buffer. There is also an optimisation for the case
where the syslog format string does not contain %m, which should improve
performance of "informational" logging, like from ftpd.
|
| |
|
|
|
| |
change strftime to ctime. Logfiles must have default (english) date/time
representation for access/view from various places.
|
| |
|
|
| |
Submitted by: Ruslan Belkin <rus@home2.UA.net>
|
| |
|
