Re: LOG_KERN treated as LOG_USER?

You're right, I see that now. I'm sure I would have noticed that
if the syslog.c in glibc had had the same #ifdef ALLOW_KERNEL_LOGGING
or at least a comment that it was intentionally disallowing kernel
logging from userspace programs. Ah well.

thanks,
Eric

On Tue, Nov 28, 2006 at 09:28:40AM +0100, Rainer Gerhards wrote:
> Eric,
>
> I am replying off-list because I am not 100% sure and have no time to
> look at the source. As far as I remember, there is a special version of
> the syslog api that comes with the sysklogd package. So klogd does NOT
> use the API but its own file (something like syslog.c).
>
> HTH
> Rainer
>
> > -----Original Message-----
> > From: Eric Tucker [mailto:et_at_tallmaple.com]
> > Sent: Tuesday, November 28, 2006 4:05 AM
> > To: infodrom-sysklogd_at_lists.infodrom.org
> > Cc: Eric Tucker
> > Subject: LOG_KERN treated as LOG_USER?
> >
> > Hi,
> >
> > I think I have noticed a bug where messages intended for the
> > LOG_KERN facility go to LOG_USER instead. If true, this would
> > probably be a glibc bug, but I thought I'd ask here too to see
> > if anyone else agrees with it. The bug seems so basic that I
> > can't believe no one else has noticed it, leading me to think
> > that I have missed something.
> >
> > It's easy to reproduce (at least for me): just put a line in
> > syslog.conf like:
> >
> > kern.* /var/log/kern.log
> >
> > (like in so many example files), and then try logging to the
> > kernel facility like:
> >
> > logger -p kern.crit hi
> >
> > The messages don't show up there, but they do show up in
> > /var/log/messages, assuming you have a *.(something) line pointing
> > there. Messages from the kernel itself don't either, unsurprising
> > since klogd just seems to call openlog("kernel", 0, LOG_KERN) like
> > anyone else would.
> >
> > I think I see why, from looking at the code for openlog() in glibc,
> > where it treats a facility of 0 as not specified, and uses its
> > default of LOG_USER instead. But LOG_KERN *is* 0, hence the bug.
> >
> > All I can think is that they wanted to prevent userland processes
> > from spoofing messages from the kernel, but in that case klogd
> > would have to have some different method of logging (or at least
> > use a different facility level in cahoots with syslogd). Are there
> > other versions of klogd that do this, or do they all work with the
> > standard syslog API?
> >
> > Is this a real bug, or what am I missing here?
> >
> > thanks,
> > Eric Tucker
> > et_at_tallmaple.com
> >
> >
> > --
> > To UNSUBSCRIBE, send an email to infodrom-sysklogd-
> > request_at_lists.infodrom.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster_at_lists.infodrom.org
>
Received on Tue Nov 28 2006 - 19:08:47 CET