public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER
[not found] <bug-3604-131@http.sourceware.org/bugzilla/>
@ 2021-03-10 1:31 ` draymond at foxvalley dot net
2021-04-13 20:15 ` adhemerval.zanella at linaro dot org
1 sibling, 0 replies; 6+ messages in thread
From: draymond at foxvalley dot net @ 2021-03-10 1:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=3604
Dan Raymond <draymond at foxvalley dot net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |draymond at foxvalley dot net
--- Comment #5 from Dan Raymond <draymond at foxvalley dot net> ---
I realize this is a very old bug report but I would like to request another
look. The klogd implementation in BusyBox suffers from this problem even today
(14 years after this bug was reported). It generates messages using the
LOG_KERN facility but they show up in the system log with the LOG_USER
facility.
ltrace shows:
openlog("kernel", 0, 0)
syslog(5, "klogd started: %s", "BusyBox v1.33.0 (2021-03-08 20:48:21 MST)")
strace shows:
sendto(3, "<13>Mar 9 17:58:45 kernel: klogd started: BusyBox v1.33.0
(2021-03-08 20:48:21 MST)", 84, MSG_NOSIGNAL, NULL, 0)
/var/log/messages contains:
Mar 9 17:58:45 myhost user.notice kernel: klogd started: BusyBox v1.33.0
(2021-03-08 20:48:21 MST)
This is incorrect. The socket write generated by syslog(3) should be using <5>
which is kernel.notice instead of <13> which is user.notice. In my opinion
glibc interpreted the POSIX standard incorrectly. It states the following with
regard to openlog():
"The facility argument encodes a default facility to be assigned to all
messages that do not have an explicit facility already encoded. The initial
default facility is LOG_USER."
My reading is that the default facility is LOG_USER until a call to openlog()
changes it. In the example above klogd called openlog() with 'facility' set to
LOG_KERN.
I am not convinced by the argument that user mode is not allowed to use
LOG_KERN. Any user mode application can open a socket to '/dev/log' and send a
message with priority <0> through <7>. As originally reported: that is exactly
what some implementations of klogd (which runs in user mode) do in order to
circumvent this problem.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER
[not found] <bug-3604-131@http.sourceware.org/bugzilla/>
2021-03-10 1:31 ` [Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER draymond at foxvalley dot net
@ 2021-04-13 20:15 ` adhemerval.zanella at linaro dot org
1 sibling, 0 replies; 6+ messages in thread
From: adhemerval.zanella at linaro dot org @ 2021-04-13 20:15 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=3604
Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adhemerval.zanella at linaro dot o
| |rg
Resolution|WORKSFORME |FIXED
--- Comment #6 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
Fixed on 2.34.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER
2006-11-28 2:54 [Bug libc/3604] New: " et at tallmaple dot com
` (2 preceding siblings ...)
2006-11-29 23:40 ` jakub at redhat dot com
@ 2007-02-16 7:20 ` drepper at redhat dot com
3 siblings, 0 replies; 6+ messages in thread
From: drepper at redhat dot com @ 2007-02-16 7:20 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2007-02-16 07:20 -------
The behavior is correct. Userlevel simply isn't allowed to log with LOG_KERN.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
http://sourceware.org/bugzilla/show_bug.cgi?id=3604
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER
2006-11-28 2:54 [Bug libc/3604] New: " et at tallmaple dot com
2006-11-28 18:42 ` [Bug libc/3604] " et at tallmaple dot com
2006-11-29 23:25 ` et at tallmaple dot com
@ 2006-11-29 23:40 ` jakub at redhat dot com
2007-02-16 7:20 ` drepper at redhat dot com
3 siblings, 0 replies; 6+ messages in thread
From: jakub at redhat dot com @ 2006-11-29 23:40 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From jakub at redhat dot com 2006-11-29 23:40 -------
>From my reading of POSIX, openlog ("something", LOG_PID|LOG_CONS, 0)
is supposed to use current default facility value:
http://www.opengroup.org/onlinepubs/009695399/functions/openlog.html
"If no facility value is specified, the current default facility value is used."
FYI LOG_KERN is not among valid facility arguments in POSIX.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=3604
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER
2006-11-28 2:54 [Bug libc/3604] New: " et at tallmaple dot com
2006-11-28 18:42 ` [Bug libc/3604] " et at tallmaple dot com
@ 2006-11-29 23:25 ` et at tallmaple dot com
2006-11-29 23:40 ` jakub at redhat dot com
2007-02-16 7:20 ` drepper at redhat dot com
3 siblings, 0 replies; 6+ messages in thread
From: et at tallmaple dot com @ 2006-11-29 23:25 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From et at tallmaple dot com 2006-11-29 23:25 -------
...so if this behavior is maintained, perhaps the openlog() man page could
mention that LOG_KERN for the facility parameter is actually treated as LOG_USER.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=3604
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER
2006-11-28 2:54 [Bug libc/3604] New: " et at tallmaple dot com
@ 2006-11-28 18:42 ` et at tallmaple dot com
2006-11-29 23:25 ` et at tallmaple dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: et at tallmaple dot com @ 2006-11-28 18:42 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From et at tallmaple dot com 2006-11-28 18:42 -------
I'm guessing now that this was intentional, to make it harder for userland
programs to "spoof" messages from the kernel. I see that klogd has its own
implementation of this API which seems to be about the same, except with this
limitation removed.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=3604
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-04-13 20:15 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <bug-3604-131@http.sourceware.org/bugzilla/>
2021-03-10 1:31 ` [Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER draymond at foxvalley dot net
2021-04-13 20:15 ` adhemerval.zanella at linaro dot org
2006-11-28 2:54 [Bug libc/3604] New: " et at tallmaple dot com
2006-11-28 18:42 ` [Bug libc/3604] " et at tallmaple dot com
2006-11-29 23:25 ` et at tallmaple dot com
2006-11-29 23:40 ` jakub at redhat dot com
2007-02-16 7:20 ` drepper at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).