[Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER

[Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER

[draymond at foxvalley dot net]

https://sourceware.org/bugzilla/show_bug.cgi?id=3604

Dan Raymond <draymond at foxvalley dot net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |draymond at foxvalley dot net

--- Comment #5 from Dan Raymond <draymond at foxvalley dot net> ---
I realize this is a very old bug report but I would like to request another
look.  The klogd implementation in BusyBox suffers from this problem even today
(14 years after this bug was reported).  It generates messages using the
LOG_KERN facility but they show up in the system log with the LOG_USER
facility.

ltrace shows:

openlog("kernel", 0, 0)
syslog(5, "klogd started: %s", "BusyBox v1.33.0 (2021-03-08 20:48:21 MST)")

strace shows:

sendto(3, "<13>Mar  9 17:58:45 kernel: klogd started: BusyBox v1.33.0
(2021-03-08 20:48:21 MST)", 84, MSG_NOSIGNAL, NULL, 0)

/var/log/messages contains:

Mar  9 17:58:45 myhost user.notice kernel: klogd started: BusyBox v1.33.0
(2021-03-08 20:48:21 MST)

This is incorrect.  The socket write generated by syslog(3) should be using <5>
which is kernel.notice instead of <13> which is user.notice.  In my opinion
glibc interpreted the POSIX standard incorrectly.  It states the following with
regard to openlog():

"The facility argument encodes a default facility to be assigned to all
messages that do not have an explicit facility already encoded. The initial
default facility is LOG_USER."

My reading is that the default facility is LOG_USER until a call to openlog()
changes it.  In the example above klogd called openlog() with 'facility' set to
LOG_KERN.

I am not convinced by the argument that user mode is not allowed to use
LOG_KERN.  Any user mode application can open a socket to '/dev/log' and send a
message with priority <0> through <7>.  As originally reported: that is exactly
what some implementations of klogd (which runs in user mode) do in order to
circumvent this problem.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER

[adhemerval.zanella at linaro dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=3604

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adhemerval.zanella at linaro dot o
                   |                            |rg
         Resolution|WORKSFORME                  |FIXED

--- Comment #6 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
Fixed on 2.34.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER

[drepper at redhat dot com]

------- Additional Comments From drepper at redhat dot com  2007-02-16 07:20 -------
The behavior is correct.  Userlevel simply isn't allowed to log with LOG_KERN.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME


http://sourceware.org/bugzilla/show_bug.cgi?id=3604

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER

[jakub at redhat dot com]

------- Additional Comments From jakub at redhat dot com  2006-11-29 23:40 -------
>From my reading of POSIX, openlog ("something", LOG_PID|LOG_CONS, 0)
is supposed to use current default facility value:
http://www.opengroup.org/onlinepubs/009695399/functions/openlog.html
"If no facility value is specified, the current default facility value is used."
FYI LOG_KERN is not among valid facility arguments in POSIX.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=3604

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER

[et at tallmaple dot com]

------- Additional Comments From et at tallmaple dot com  2006-11-29 23:25 -------
...so if this behavior is maintained, perhaps the openlog() man page could
mention that LOG_KERN for the facility parameter is actually treated as LOG_USER.


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=3604

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/3604] syslog: messages meant for LOG_KERN go to LOG_USER

[et at tallmaple dot com]

------- Additional Comments From et at tallmaple dot com  2006-11-28 18:42 -------
I'm guessing now that this was intentional, to make it harder for userland
programs to "spoof" messages from the kernel.  I see that klogd has its own
implementation of this API which seems to be about the same, except with this
limitation removed.


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=3604

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.