diff --git a/sysklogd/klogd.c b/sysklogd/klogd.c index 0d4c2578d..db32065fb 100644 --- a/sysklogd/klogd.c +++ b/sysklogd/klogd.c @@ -150,12 +150,41 @@ int klogd_main(int argc UNUSED_PARAM, char **argv) */ klogd_open(); openlog("kernel", 0, LOG_KERN); + /* + * glibc problem: for some reason, glibc changes LOG_KERN to LOG_USER + * above. The logic behind this is that standard + * http://pubs.opengroup.org/onlinepubs/9699919799/functions/syslog.html + * says the following about openlog and syslog: + * "LOG_USER + * Messages generated by arbitrary processes. + * This is the default facility identifier if none is specified." + * + * I believe glibc misinterpreted this text as "if openlog's + * third parameter is 0 (=LOG_KERN), treat it as LOG_USER". + * Whereas it was meant to say "if *syslog* is called with facility + * 0 in its 1st parameter without prior call to openlog, then perform + * implicit openlog(LOG_USER)". + * + * As a result of this, eh, feature, standard klogd was forced + * to open-code its own openlog and syslog implementation (!). + * + * Note that prohibiting openlog(LOG_KERN) on libc level does not + * add any security: any process can open a socket to "/dev/log" + * and write a string "<0>Voila, a LOG_KERN + LOG_EMERG message" + * + * Google code search tells me there is no widespread use of + * openlog("foo", 0, 0), thus fixing glibc won't break userspace. + * + * The bug against glibc was filed: + * bugzilla.redhat.com/show_bug.cgi?id=547000 + */ if (i) klogd_setloglevel(i); - bb_signals(BB_FATAL_SIGS, record_signo); signal(SIGHUP, SIG_IGN); + /* We want klogd_read to not be restarted, thus _norestart: */ + bb_signals_recursive_norestart(BB_FATAL_SIGS, record_signo); syslog(LOG_NOTICE, "klogd started: %s", bb_banner);