diff -u rsyslog-3.22.0/debian/rsyslog.init rsyslog-3.22.0/debian/rsyslog.init --- rsyslog-3.22.0/debian/rsyslog.init +++ rsyslog-3.22.0/debian/rsyslog.init @@ -25,6 +25,8 @@ RSYSLOGD_BIN=/usr/sbin/rsyslogd RSYSLOGD_OPTIONS="-c3" RSYSLOGD_PIDFILE=/var/run/rsyslogd.pid +KMSG_PIDFILE=/var/run/rsyslog/kmsgpipe.pid +KMSG_PIPE=/var/run/rsyslog/kmsg SCRIPTNAME=/etc/init.d/$NAME @@ -43,6 +45,15 @@ DAEMON_ARGS="$RSYSLOGD_OPTIONS" PIDFILE="$RSYSLOGD_PIDFILE" + # create syslog-writeable pid and fifo directory + mkdir -p /var/run/rsyslog + chown syslog:syslog /var/run/rsyslog + mkfifo -m 600 $KMSG_PIPE + chown syslog:syslog $KMSG_PIPE + + # shovel /proc/kmsg to pipe readable by klogd user + start-stop-daemon --start --pidfile $KMSG_PIDFILE --exec /bin/dd -b -m -- if=/proc/kmsg of=$KMSG_PIPE + # Return # 0 if daemon has been started # 1 if daemon was already running @@ -60,16 +71,10 @@ # 1 if daemon was already stopped # other if daemon could not be stopped or a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME -} -# -# Tell rsyslogd to reload its configuration -# -do_reload() { - NAME="$RSYSLOGD" - PIDFILE="$RSYSLOGD_PIDFILE" - - start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME + # stop kmsgpipe + start-stop-daemon --stop --quiet --oknodo --pidfile $KMSG_PIDFILE + rm -f $KMSG_PIDFILE $KMSG_PIPE } create_xconsole() { @@ -86,6 +91,8 @@ mkdir -p $OMITDIR rm -f $OMITDIR/rsyslog ln -s $RSYSLOGD_PIDFILE $OMITDIR/rsyslog + rm -f $OMITDIR/rsyslog-kmsg + ln -s $KMSG_PIDFILE $OMITDIR/rsyslog-kmsg } case "$1" in @@ -113,12 +120,7 @@ esac ;; - reload|force-reload) - log_daemon_msg "Reloading $DESC" "$RSYSLOGD" - do_reload - log_end_msg $? - ;; - restart) + reload|force-reload|restart) $0 stop $0 start ;; diff -u rsyslog-3.22.0/debian/control rsyslog-3.22.0/debian/control --- rsyslog-3.22.0/debian/control +++ rsyslog-3.22.0/debian/control 
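Review bot: The kmsg helper's pidfile and FIFO both live in `/var/run/rsyslog`, which the second hunk chowns to `syslog:syslog`, so root later acts on paths the unprivileged account can replace. `dd` opens `of=$KMSG_PIPE` as root, and the `--stop` call in the third hunk signals whatever PID `$KMSG_PIDFILE` holds, with no `--exec /bin/dd` check. Keeping the directory root-owned and only traversable by the syslog group, moving the pidfile to a root-only location, and adding `--exec /bin/dd` to the `--stop` call would close that gap. `mkfifo` also fails if the FIFO survived an unclean shutdown, and the new variables are used unquoted. The enclosing functions start and end outside these hunks.

```shell
KMSG_PIDFILE=/var/run/rsyslog-kmsgpipe.pid   # root-only location, not under the syslog-owned dir
# … unchanged: KMSG_PIPE, SCRIPTNAME …

	# fifo directory: root-owned, the syslog group may only traverse it
	mkdir -p /var/run/rsyslog
	chown root:syslog /var/run/rsyslog
	chmod 0750 /var/run/rsyslog
	[ -p "$KMSG_PIPE" ] || mkfifo -m 600 "$KMSG_PIPE"
	chown syslog:syslog "$KMSG_PIPE"
	# … unchanged: start-stop-daemon --start for dd …
```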
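Review bot: In the last rsyslog.init hunk `reload` becomes a full `$0 stop` / `$0 start`, so every reload opens a window in which messages can be lost, and the exit status of the stop step is ignored. Presumably HUP was dropped because the daemon cannot reopen its files after dropping privileges, but nothing in the script says so. A comment above the case arm, for example `# reload is a full restart: after PrivDropToUser the daemon cannot reopen its logs on HUP`, would record the reason once it is confirmed.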
@@ -1,7 +1,8 @@ Source: rsyslog Section: admin Priority: important -Maintainer: Michael Biebl +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Michael Biebl Build-Depends: debhelper (>= 7.0.9), quilt, autotools-dev, zlib1g-dev, libmysqlclient15-dev, libpq-dev, libkrb5-dev, libgnutls-dev, librelp-dev, pkg-config Standards-Version: 3.8.1 Vcs-Git: git://git.debian.org/git/collab-maint/rsyslog.git @@ -13,7 +14,7 @@ Priority: important Conflicts: system-log-daemon, linux-kernel-log-daemon Provides: system-log-daemon, linux-kernel-log-daemon -Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.2-14) +Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.2-14), adduser, ucf (>= 0.8) Recommends: logrotate Suggests: rsyslog-mysql | rsyslog-pgsql, rsyslog-doc, rsyslog-gnutls, rsyslog-gssapi, rsyslog-relp Description: enhanced multi-threaded syslogd diff -u rsyslog-3.22.0/debian/rsyslog.postinst rsyslog-3.22.0/debian/rsyslog.postinst --- rsyslog-3.22.0/debian/rsyslog.postinst +++ rsyslog-3.22.0/debian/rsyslog.postinst 
@@ -66,6 +66,27 @@ fi done fi + + user_conf=/etc/rsyslog.d/default.conf + default_conf=/usr/share/rsyslog/default.conf + + # Upgrade handling for config file. We copy syslog.conf if it exists and + # is modified, else use our default fresh-install config. + if dpkg --compare-versions "$2" lt "3.22.0-1ubuntu1"; then + old_conf=/etc/syslog.conf + if [ -e $old_conf ]; then + md5sum="`md5sum \"$old_conf\" | sed -e \"s/ .*//\"`" + old_md5sum="`sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' $old_conf'{s/.* //;p}}\" /var/lib/dpkg/status`" + if [ "$md5sum" != "$old_md5sum" ]; then + cp -n $old_conf $user_conf + fi + fi + fi + + ucf --three-way --debconf-ok $default_conf $user_conf + ucfr rsyslog $user_conf + + adduser --system --group --no-create-home --quiet syslog || true ;; abort-upgrade|abort-remove|abort-deconfigure) diff -u rsyslog-3.22.0/debian/rsyslog.postrm rsyslog-3.22.0/debian/rsyslog.postrm --- rsyslog-3.22.0/debian/rsyslog.postrm +++ rsyslog-3.22.0/debian/rsyslog.postrm @@ -10,6 +10,20 @@ [ -f /etc/logrotate.d/rsyslog.disabled ] && rm -f /etc/logrotate.d/rsyslog.disabled fi +if [ "$1" = "purge" ]; then + if which ucfr >/dev/null; then + ucfr --purge rsyslog /etc/rsyslog.d/default.conf + fi + if which ucf >/dev/null; then + ucf --purge /etc/rsyslog.d/default.conf + fi + if [ -d /etc/rsyslog.d ]; then + rm -f /etc/rsyslog.d/default.conf + rmdir --ignore-fail-on-non-empty /etc/rsyslog.d + fi + deluser --system --quiet syslog +fi + #DEBHELPER# exit 0 diff -u rsyslog-3.22.0/debian/rsyslog.install rsyslog-3.22.0/debian/rsyslog.install --- rsyslog-3.22.0/debian/rsyslog.install +++ rsyslog-3.22.0/debian/rsyslog.install @@ -1,4 +1,5 @@ debian/rsyslog.conf /etc/ +debian/default.conf /usr/share/rsyslog debian/tmp/usr/sbin/ debian/tmp/usr/share/man/ debian/tmp/usr/lib/rsyslog/imfile.so diff -u rsyslog-3.22.0/debian/rsyslog.conf rsyslog-3.22.0/debian/rsyslog.conf --- rsyslog-3.22.0/debian/rsyslog.conf +++ rsyslog-3.22.0/debian/rsyslog.conf 
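Review bot: `adduser --system --group --no-create-home --quiet syslog || true` at the end of the postinst hunk hides a failed account creation, yet the init script's `chown syslog:syslog` and the `$PrivDropToUser syslog` line in rsyslog.conf both depend on that account. With the account missing the package still configures cleanly, and since the droppriv patch only drops when `uidDropPriv != 0`, the daemon may end up running as root without any visible error; this should be confirmed against the UID handler. Dropping `|| true`, or following it with `getent passwd syslog >/dev/null || exit 1`, makes the failure visible. `$old_conf` and `$user_conf` are also unquoted in the `[ -e ]` and `cp -n` lines. The surrounding case branch starts outside the hunk.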
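Review bot: `deluser --system --quiet syslog` in the postrm purge block runs unguarded, unlike the `which ucf` and `which ucfr` checks just above it. adduser is only a Depends and may already be removed at purge time, which would fail the script if it runs under `set -e` (not visible here). Removing the account also leaves any remaining log files owned by a numeric uid that a later account can inherit. Consider keeping the account, or at least `if which deluser >/dev/null; then deluser --system --quiet syslog || true; fi`.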
@@ -12,6 +12,8 @@ $ModLoad imklog # provides kernel logging support (previously done by rklogd) #$ModLoad immark # provides --MARK-- message capability +$KLogPath /var/run/rsyslog/kmsg + # provides UDP syslog reception #$ModLoad imudp #$UDPServerRun 514 
@@ -42,75 +44,8 @@ +$PrivDropToUser syslog +$PrivDropToGroup syslog # # Include all config files in /etc/rsyslog.d/ # $IncludeConfig /etc/rsyslog.d/*.conf - -############### -#### RULES #### -############### - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -#cron.* /var/log/cron.log -daemon.* -/var/log/daemon.log -kern.* -/var/log/kern.log -lpr.* -/var/log/lpr.log -mail.* -/var/log/mail.log -user.* -/var/log/user.log - -# -# Logging for the mail system. Split it up so that -# it is easy to write scripts to parse these files. -# -mail.info -/var/log/mail.info -mail.warn -/var/log/mail.warn -mail.err /var/log/mail.err - -# -# Logging for INN news system. -# -news.crit /var/log/news/news.crit -news.err /var/log/news/news.err -news.notice -/var/log/news/news.notice - -# -# Some "catch-all" log files. -# -*.=debug;\ - auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in. -# -*.emerg * - -# -# I like to have messages displayed on the console, but only on a virtual -# console I usually leave idle. -# -#daemon,mail.*;\ -# news.=crit;news.=err;news.=notice;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn /dev/tty8 - -# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, -# you must invoke `xconsole' with the `-file' option: -# -# $ xconsole -file /dev/xconsole [...] -# -# NOTE: adjust the list below, or you'll go crazy if you have a reasonably -# busy site.. -# -daemon.*;mail.*;\ - news.err;\ - *.=debug;*.=info;\ - *.=notice;*.=warn |/dev/xconsole diff -u rsyslog-3.22.0/debian/changelog rsyslog-3.22.0/debian/changelog --- rsyslog-3.22.0/debian/changelog +++ rsyslog-3.22.0/debian/changelog 
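Review bot: `$PrivDropToUser syslog` and `$PrivDropToGroup syslog` are added without a comment, and nothing visible in this debdiff changes the ownership of existing root-owned files under /var/log or of /dev/xconsole. If the daemon has to reopen a log file after the drop (after rotation, for instance), the open may fail; this is inferred from the diff, not shown by it. A comment such as `# Drop privileges after startup; log files must be writable by syslog:syslog` above the two lines, plus a matching ownership step in postinst, would make the requirement explicit.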
@@ -1,3 +1,26 @@ +rsyslog (3.22.0-1ubuntu1) karmic; urgency=low + + * Run as rsyslog:rsyslog (LP: #250827, LP: #388608) + - debian/control: Depend on adduser + - debian/rsyslog.postinst: Create syslog user + - debian/rsyslog.postrm: Delete syslog user on purge + - debian/patches/add_droppriv_config.patch: Backport DropPriv config + fields from v4 branch + - debian/rsyslog.conf: Use DropPriv config fields + * Allow reading /proc/kmsg when non-root + - debian/rsyslog.init: Spawn a dd instance that shovels the /proc/kmsg + data to a pipe that rsyslog can read + - debian/patches/add_klog_path.patch: Support a KlogPath config field + to change where the klog plugin looks + * Cleanly upgrade from sysklogd + - debian/default.conf, debian/rsyslog.conf: + Break out the default rules into their own config file + - debian/rsyslog.install: Install it in /usr/share/rsyslog + - debian/rsyslog.postinst: If present, copy /etc/syslog.conf into + /etc/rsyslog.d/default.conf. Then merge our own default.conf + + -- Michael Terry Wed, 17 Jun 2009 15:25:47 -0400 + rsyslog (3.22.0-1) unstable; urgency=low * New upstream release. diff -u rsyslog-3.22.0/debian/rules rsyslog-3.22.0/debian/rules --- rsyslog-3.22.0/debian/rules +++ rsyslog-3.22.0/debian/rules @@ -18,7 +18,7 @@ DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) -CFLAGS = -Wall -g +CFLAGS = -Wall -g -U_FORTIFY_SOURCE ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 diff -u rsyslog-3.22.0/debian/patches/series rsyslog-3.22.0/debian/patches/series --- rsyslog-3.22.0/debian/patches/series +++ rsyslog-3.22.0/debian/patches/series @@ -3,0 +4,2 @@ +add_droppriv_config.patch +add_klog_path.patch only in patch2: unchanged: --- rsyslog-3.22.0.orig/debian/default.conf +++ rsyslog-3.22.0/debian/default.conf 
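Review bot: `-U_FORTIFY_SOURCE` in the debian/rules `CFLAGS` line turns off the fortified libc checks for a daemon that starts as root and parses untrusted log input, and the changelog entry above does not mention it. If the flag was added to silence a build failure or a runtime abort (not stated), that is a finding to fix in the source and not a reason to drop the hardening. Suggest reverting to `CFLAGS = -Wall -g`, or at minimum adding a comment with the bug reference that justifies the flag.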
@@ -0,0 +1,68 @@ +# Default rules for rsyslog v3. +# +# For more information see rsyslog.conf(5) and /etc/rsyslog.conf + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system. +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg * + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn /dev/tty8 + +# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, +# you must invoke `xconsole' with the `-file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +# NOTE: adjust the list below, or you'll go crazy if you have a reasonably +# busy site.. +# +daemon.*;mail.*;\ + news.err;\ + *.=debug;*.=info;\ + *.=notice;*.=warn |/dev/xconsole only in patch2: unchanged: --- rsyslog-3.22.0.orig/debian/patches/add_klog_path.patch +++ rsyslog-3.22.0/debian/patches/add_klog_path.patch 
@@ -0,0 +1,139 @@ +Index: rsyslog-3.22.0/plugins/imklog/bsd.c +=================================================================== +--- rsyslog-3.22.0.orig/plugins/imklog/bsd.c 2009-06-17 10:04:59.000000000 -0400 ++++ rsyslog-3.22.0/plugins/imklog/bsd.c 2009-06-17 11:41:58.000000000 -0400 +@@ -83,6 +83,11 @@ + # define _PATH_KLOG "/dev/klog" + #endif + ++static uchar *GetPath(void) ++{ ++ return pszPath ? pszPath : _PATH_KLOG; ++} ++ + /* open the kernel log - will be called inside the willRun() imklog + * entry point. -- rgerhards, 2008-04-09 + */ +@@ -91,9 +96,9 @@ + { + DEFiRet; + +- fklog = open(_PATH_KLOG, O_RDONLY, 0); ++ fklog = open(GetPath(), O_RDONLY, 0); + if (fklog < 0) { +- dbgprintf("can't open %s (%d)\n", _PATH_KLOG, errno); ++ dbgprintf("can't open %s (%d)\n", GetPath(), errno); + iRet = RS_RET_ERR; // TODO: better error code + } + +Index: rsyslog-3.22.0/plugins/imklog/imklog.c +=================================================================== +--- rsyslog-3.22.0.orig/plugins/imklog/imklog.c 2009-06-17 10:04:59.000000000 -0400 ++++ rsyslog-3.22.0/plugins/imklog/imklog.c 2009-06-17 11:41:58.000000000 -0400 +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + + #include "dirty.h" + #include "cfsysline.h" +@@ -68,6 +69,7 @@ + int symbol_lookup = 0; /* on recent kernels > 2.6, the kernel does this */ + int bPermitNonKernel = 0; /* permit logging of messages not having LOG_KERN facility */ + int iFacilIntMsg; /* the facility to use for internal messages (set by driver) */ ++uchar *pszPath = NULL; + /* TODO: configuration for the following directives must be implemented. 
It + * was not done yet because we either do not yet have a config handler for + * that type or I thought it was acceptable to push it to a later stage when +@@ -244,6 +246,8 @@ + /* release objects we used */ + objRelease(glbl, CORE_COMPONENT); + objRelease(datetime, CORE_COMPONENT); ++ if(pszPath != NULL) ++ free(pszPath); + ENDmodExit + + +@@ -260,6 +264,10 @@ + symfile = NULL; + symbol_lookup = 0; + bPermitNonKernel = 0; ++ if(pszPath != NULL) { ++ free(pszPath); ++ pszPath = NULL; ++ } + iFacilIntMsg = klogFacilIntMsg(); + return RS_RET_OK; + } +@@ -274,6 +282,7 @@ + iFacilIntMsg = klogFacilIntMsg(); + + CHKiRet(omsdRegCFSLineHdlr((uchar *)"debugprintkernelsymbols", 0, eCmdHdlrBinary, NULL, &dbgPrintSymbols, STD_LOADABLE_MODULE_ID)); ++ CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogpath", 0, eCmdHdlrGetWord, NULL, &pszPath, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbollookup", 0, eCmdHdlrBinary, NULL, &symbol_lookup, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogsymbolstwice", 0, eCmdHdlrBinary, NULL, &symbols_twice, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"klogusesyscallinterface", 0, eCmdHdlrBinary, NULL, &use_syscall, STD_LOADABLE_MODULE_ID)); +Index: rsyslog-3.22.0/plugins/imklog/linux.c +=================================================================== +--- rsyslog-3.22.0.orig/plugins/imklog/linux.c 2009-06-17 10:04:59.000000000 -0400 ++++ rsyslog-3.22.0/plugins/imklog/linux.c 2009-06-17 14:42:45.000000000 -0400 +@@ -84,6 +84,11 @@ + extern int ksyslog(int type, char *buf, int len); + + ++static uchar *GetPath(void) ++{ ++ return pszPath ? pszPath : _PATH_KLOG; ++} ++ + static void CloseLogSrc(void) + { + /* Turn on logging of messages to console, but only if we had the -c +@@ -135,7 +140,7 @@ + * file system is available to get kernel messages from. 
+ */ + if ( use_syscall || +- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) ) ++ ((stat(GetPath(), &sb) < 0) && (errno == ENOENT)) ) + { + /* Initialize kernel logging. */ + ksyslog(1, NULL, 0); +@@ -144,14 +149,14 @@ + return(kernel); + } + +- if ( (kmsg = open(_PATH_KLOG, O_RDONLY)) < 0 ) ++ if ( (kmsg = open(GetPath(), O_RDONLY)) < 0 ) + { + imklogLogIntMsg(LOG_ERR, "imklog: Cannot open proc file system, %d.\n", errno); + ksyslog(7, NULL, 0); /* TODO: check this, implement more */ + return(none); + } + +- imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, _PATH_KLOG); ++ imklogLogIntMsg(LOG_INFO, "imklog %s, log source = %s started.", VERSION, GetPath()); + return(proc); + } + +@@ -531,7 +536,7 @@ + int + klogFacilIntMsg(void) + { +- return LOG_KERN; ++ return LOG_SYSLOG; + } + + +Index: rsyslog-3.22.0/plugins/imklog/imklog.h +=================================================================== +--- rsyslog-3.22.0.orig/plugins/imklog/imklog.h 2009-06-17 10:04:59.000000000 -0400 ++++ rsyslog-3.22.0/plugins/imklog/imklog.h 2009-06-17 11:41:58.000000000 -0400 +@@ -52,6 +52,7 @@ + extern char *symfile; + extern int console_log_level; + extern int dbgPrintSymbols; ++extern uchar *pszPath; + + /* the functions below may be called by the drivers */ + rsRetVal imklogLogIntMsg(int priority, char *fmt, ...) __attribute__((format(printf,2, 3))); only in patch2: unchanged: --- rsyslog-3.22.0.orig/debian/patches/add_U_arg.patch +++ rsyslog-3.22.0/debian/patches/add_U_arg.patch 
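Review bot: In linux.c a configured `klogpath` that does not exist hits the `stat(GetPath(), &sb)` ENOENT branch and silently switches to the ksyslog syscall source instead of reporting the bad path, and the open-failure message still reads "Cannot open proc file system" with no path in it. Logging `GetPath()` in both places would make a missing FIFO diagnosable. `GetPath()` is declared `uchar *` but returns the string literal `_PATH_KLOG` and feeds `open()`, `stat()` and `%s`; `static const char *GetPath(void) { return pszPath ? (const char *)pszPath : _PATH_KLOG; }` avoids the pointer-sign mismatch in both bsd.c and linux.c. The change of `klogFacilIntMsg()` from `LOG_KERN` to `LOG_SYSLOG` is unrelated to the path option and is not explained anywhere in the patch.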
@@ -0,0 +1,128 @@ +Index: rsyslog-3.22.0/tools/syslogd.c +=================================================================== +--- rsyslog-3.22.0.orig/tools/syslogd.c 2009-06-16 09:52:07.000000000 -0400 ++++ rsyslog-3.22.0/tools/syslogd.c 2009-06-16 09:55:55.000000000 -0400 +@@ -82,6 +82,7 @@ + #include + #include + #include ++#include + + #if HAVE_SYS_TIMESPEC_H + # include +@@ -91,6 +92,8 @@ + # include + #endif + ++#include ++#include + #include + + #if HAVE_PATHS_H +@@ -217,6 +220,8 @@ + static uchar *ConfFile = (uchar*) _PATH_LOGCONF; /* read-only after startup */ + static char *PidFile = _PATH_LOGPID; /* read-only after startup */ + ++static char *Username; /* User to drop to */ ++ + static pid_t myPid; /* our pid for use in self-generated messages, e.g. on startup */ + /* mypid is read-only after the initial fork() */ + static int restart = 0; /* do restart (config read) - multithread safe */ +@@ -393,7 +398,7 @@ + { + fprintf(stderr, "usage: rsyslogd [-c] [-46AdnqQvwx] [-l] [-s]\n" + " [-f] [-i] [-N] [-M]\n" +- " [-u]\n" ++ " [-u] [-U]\n" + "To run rsyslogd in native mode, use \"rsyslogd -c3 \"\n\n" + "For further information see http://www.rsyslog.com/doc\n"); + exit(1); /* "good" exit - done to terminate usage() */ +@@ -2851,6 +2856,18 @@ + if (myPid != ppid) + kill (ppid, SIGTERM); + ++ /* Drop privileges if -U was specified. We need to wait to do this until ++ * all log files have been opened and we've killed our parent. ++ */ ++ if (Username) { ++ struct passwd *pw = getpwnam(Username); ++ if (!pw) ++ fprintf(stderr, "user %s does not exist\n", Username); ++ else if (initgroups(Username, pw->pw_gid) || ++ setgid(pw->pw_gid) || setuid(pw->pw_uid)) ++ fprintf(stderr, "could not drop to user %s\n", Username); ++ } ++ + /* END OF INTIALIZATION + * ... but keep in mind that we might do a restart and thus init() might + * be called again. 
If that happens, we must shut down the worker thread, +@@ -3158,6 +3175,7 @@ + uchar *LocalHostName; + uchar *LocalDomain; + ++ + /* first, parse the command line options. We do not carry out any actual work, just + * see what we should do. This relieves us from certain anomalies and we can process + * the parameters down below in the correct order. For example, we must know the +@@ -3172,7 +3190,7 @@ + * only when actually neeeded. + * rgerhards, 2008-04-04 + */ +- while((ch = getopt(argc, argv, "46a:Ac:def:g:hi:l:m:M:nN:op:qQr::s:t:u:vwx")) != EOF) { ++ while((ch = getopt(argc, argv, "46a:Ac:def:g:hi:l:m:M:nN:op:qQr::s:t:u:U:vwx")) != EOF) { + switch((char)ch) { + case '4': + case '6': +@@ -3191,6 +3209,7 @@ + case 'Q': /* dont resolve hostnames in ACL to IPs */ + case 's': + case 'u': /* misc user settings */ ++ case 'U': /* user to drop to */ + case 'w': /* disable disallowed host warnings */ + case 'x': /* disable dns for remote messages */ + CHKiRet(bufOptAdd(ch, optarg)); +@@ -3439,6 +3458,9 @@ + if(iHelperUOpt & 0x02) + bChDirRoot = 0; + break; ++ case 'U': /* user to drop to */ ++ Username = arg; ++ break; + case 'w': /* disable disallowed host warnigs */ + glbl.SetOption_DisallowWarning(0); + break; +@@ -3464,7 +3486,6 @@ + fprintf(stderr, "Can not do 'cd /' - still trying to run\n"); + } + +- + /* process compatibility mode settings */ + if(iCompatibilityMode < 3) { + errmsg.LogError(0, NO_ERRCODE, "WARNING: rsyslogd is running in compatibility mode. Automatically " +Index: rsyslog-3.22.0/tools/rsyslogd.8 +=================================================================== +--- rsyslog-3.22.0.orig/tools/rsyslogd.8 2009-06-16 09:55:45.000000000 -0400 ++++ rsyslog-3.22.0/tools/rsyslogd.8 2009-06-16 09:55:45.000000000 -0400 +@@ -33,6 +33,9 @@ + .RB [ " \-u " + .I userlevel + ] ++.RB [ " \-U " ++.I username ++] + .RB [ " \-v " ] + .RB [ " \-w " ] + .RB [ " \-x " ] +@@ -217,6 +220,12 @@ + To combine these two features, use a userlevel of 3 (1+2). 
Whenever you use + an -u option, make sure you really understand what you do and why you do it. + .TP ++.BI "\-U " "username" ++.B rsyslogd ++starts with full privileges by default. If you specify this option, ++.B rsyslogd ++will drop its privileges to this user. ++.TP + .B "\-v" + Print version and exit. + .TP only in patch2: unchanged: --- rsyslog-3.22.0.orig/debian/patches/add_droppriv_config.patch +++ rsyslog-3.22.0/debian/patches/add_droppriv_config.patch 
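Review bot: When `getpwnam()` fails, or any of `initgroups`, `setgid` or `setuid` fails, the new block in syslogd.c only prints to stderr and carries on, so the daemon keeps running with full or partly changed privileges although `-U` was requested. Each error path should end in `exit(1)`, as the `doDropPrivGid`/`doDropPrivUid` helpers in add_droppriv_config.patch do. This patch file is also not listed in the debian/patches/series hunk, which adds only add_droppriv_config.patch and add_klog_path.patch, so as uploaded it appears to be unapplied. Either drop it from the upload or note why it is kept.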
@@ -0,0 +1,113 @@ +Index: rsyslog-3.22.0/tools/syslogd.c +=================================================================== +--- rsyslog-3.22.0.orig/tools/syslogd.c 2009-06-17 09:20:50.000000000 -0400 ++++ rsyslog-3.22.0/tools/syslogd.c 2009-06-17 10:12:32.000000000 -0400 +@@ -82,6 +82,7 @@ + #include + #include + #include ++#include + + #if HAVE_SYS_TIMESPEC_H + # include +@@ -271,6 +272,8 @@ + * If the main queue is either not yet ready or not running in + * queueing mode (mode DIRECT!), then this is set to 0. + */ ++static int uidDropPriv = 0; /* user-id to which priveleges should be dropped to (AFTER init()!) */ ++static int gidDropPriv = 0; /* group-id to which priveleges should be dropped to (AFTER init()!) */ + + extern int errno; + +@@ -2043,6 +2046,56 @@ + } + + ++/* drop to specified group ++ * if something goes wrong, the function never returns ++ * Note that such an abort can cause damage to on-disk structures, so we should ++ * re-design the "interface" in the long term. -- rgerhards, 2008-11-26 ++ */ ++static void doDropPrivGid(int iGid) ++{ ++ int res; ++ uchar szBuf[1024]; ++ ++ res = setgroups(0, NULL); /* remove all supplementary group IDs */ ++ if(res) { ++ perror("could not remove supplemental group IDs"); ++ exit(1); ++ } ++ dbgprintf("setgroups(0, NULL): %d\n", res); ++ res = setgid(iGid); ++ if(res) { ++ /* if we can not set the userid, this is fatal, so let's unconditionally abort */ ++ perror("could not set requested group id"); ++ exit(1); ++ } ++ dbgprintf("setgid(%d): %d\n", iGid, res); ++ snprintf((char*)szBuf, sizeof(szBuf)/sizeof(uchar), "rsyslogd's groupid changed to %d", iGid); ++ logmsgInternal(NO_ERRCODE, LOG_SYSLOG|LOG_INFO, szBuf, 0); ++} ++ ++ ++/* drop to specified user ++ * if something goes wrong, the function never returns ++ * Note that such an abort can cause damage to on-disk structures, so we should ++ * re-design the "interface" in the long term. 
-- rgerhards, 2008-11-19 ++ */ ++static void doDropPrivUid(int iUid) ++{ ++ int res; ++ uchar szBuf[1024]; ++ ++ res = setuid(iUid); ++ if(res) { ++ /* if we can not set the userid, this is fatal, so let's unconditionally abort */ ++ perror("could not set requested userid"); ++ exit(1); ++ } ++ dbgprintf("setuid(%d): %d\n", iUid, res); ++ snprintf((char*)szBuf, sizeof(szBuf)/sizeof(uchar), "rsyslogd's userid changed to %d", iUid); ++ logmsgInternal(NO_ERRCODE, LOG_SYSLOG|LOG_INFO, szBuf, 0); ++} ++ ++ + /* helper to freeSelectors(), used with llExecFunc() to flush + * pending output. -- rgerhards, 2007-08-02 + * We do not need to lock the action object here as the processing +@@ -2750,6 +2803,10 @@ + CHKiRet(regCfSysLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, NULL)); + CHKiRet(regCfSysLineHdlr((uchar *)"errormessagestostderr", 0, eCmdHdlrBinary, NULL, &bErrMsgToStderr, NULL)); + CHKiRet(regCfSysLineHdlr((uchar *)"maxmessagesize", 0, eCmdHdlrSize, setMaxMsgSize, NULL, NULL)); ++ CHKiRet(regCfSysLineHdlr((uchar *)"privdroptouser", 0, eCmdHdlrUID, NULL, &uidDropPriv, NULL)); ++ CHKiRet(regCfSysLineHdlr((uchar *)"privdroptouserid", 0, eCmdHdlrInt, NULL, &uidDropPriv, NULL)); ++ CHKiRet(regCfSysLineHdlr((uchar *)"privdroptogroup", 0, eCmdHdlrGID, NULL, &gidDropPriv, NULL)); ++ CHKiRet(regCfSysLineHdlr((uchar *)"privdroptogroupid", 0, eCmdHdlrGID, NULL, &gidDropPriv, NULL)); + + /* now add other modules handlers (we should work on that to be able to do it in ClassInit(), but so far + * that is not possible). -- rgerhards, 2008-01-28 +@@ -2851,6 +2908,23 @@ + if (myPid != ppid) + kill (ppid, SIGTERM); + ++ ++ /* If instructed to do so, we now drop privileges. Note that this is not 100% secure, ++ * because inputs and outputs are already running at this time. However, we can implement ++ * dropping of privileges rather quickly and it will work in many cases. 
While it is not ++ * the ultimate solution, the current one is still much better than not being able to ++ * drop privileges at all. Doing it correctly, requires a change in architecture, which ++ * we should do over time. TODO -- rgerhards, 2008-11-19 ++ */ ++ if(gidDropPriv != 0) { ++ doDropPrivGid(gidDropPriv); ++ } ++ ++ if(uidDropPriv != 0) { ++ doDropPrivUid(uidDropPriv); ++ } ++ ++ + /* END OF INTIALIZATION + * ... but keep in mind that we might do a restart and thus init() might + * be called again. If that happens, we must shut down the worker thread,
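Review bot: `privdroptogroupid` is registered with `eCmdHdlrGID` while its sibling `privdroptouserid` uses `eCmdHdlrInt`. If `eCmdHdlrGID` resolves a group name, as the `privdroptogroup` line suggests, a numeric id will not parse, and the line should read `CHKiRet(regCfSysLineHdlr((uchar *)"privdroptogroupid", 0, eCmdHdlrInt, NULL, &gidDropPriv, NULL));`. Separately, `setgroups(0, NULL)` is called only inside `doDropPrivGid`, so a configuration that sets `$PrivDropToUser` alone keeps root's primary and supplementary groups after `setuid`. The drop should clear the groups before `setuid` in that case as well, or refuse to run without a group. The use of 0 as the "not configured" value for `uidDropPriv` and `gidDropPriv` deserves a short comment at the declarations.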