The klogd in Debian/Ubuntu has the -P <file> option to read from a
different file than /proc/kmsg. AFAICS this is done for security
purposes: this allows klogd to be run as non-root.
However this needs a dd running to read from /proc/kmsg and to write
into a fifo which can be read with -P fifo.
1) Why didn't these changes make it into upstream klogd?
2) I'd like to be corrected, but as I see it the only input klogd takes
is from the kernel so having it run as non-root is only of minor
security consideration if we were to trust the kernel.
3) Wouldn't it make more sense if klogd had a "-u username" option to
drop its privileges after opening /proc/kmsg? Using this there would
be no reason for having dd running.
Thanks
Sean
Received on Tue Jul 08 2008 - 17:16:55 CEST
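
The open-then-drop pattern that question 3 asks about, as an added example that is not part of the original message and is not klogd code. The function names are hypothetical, and the sketch assumes the kernel checks permission on /proc/kmsg at open time rather than on every read.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to `username`. Returns 0 on success, -1 on failure.
 * Order matters: supplementary groups, then gid, then uid, because after
 * the uid is dropped the process can no longer change its groups. */
int drop_privileges(const char *username)
{
    struct passwd *pw = getpwnam(username);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                  /* unknown user, or a "drop" to root */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Verify the drop is irreversible and both real and effective ids moved. */
    if (setuid(0) == 0 || getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
        return -1;
    return 0;
}

/* Open the log source while still privileged, then drop privileges.
 * Returns the open descriptor, or -1 if either step fails. */
int open_then_drop(const char *path, const char *username)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (drop_privileges(username) != 0) { close(fd); return -1; }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s username\n", argv[0]); return 2; }
    int fd = open_then_drop("/proc/kmsg", argv[1]);
    if (fd < 0) { fprintf(stderr, "open or privilege drop failed\n"); return 1; }
    char buf[4096];
    ssize_t n;
    /* From here on the process runs unprivileged and only holds the fd. */
    while ((n = read(fd, buf, sizeof buf)) > 0)
        fwrite(buf, 1, (size_t)n, stdout);
    return 0;
}
```

A failed drop closes the descriptor and aborts, so the reader never continues as root with the kernel log open.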