git: ddc689051917 - main - libc/syslog: deprecate use of "/var/run/logpriv"
Date: Fri, 24 Jun 2022 16:10:42 UTC
The branch main has been updated by glebius:
URL: https://cgit.FreeBSD.org/src/commit/?id=ddc689051917e739a90d1335ff40591c7601397c
commit ddc689051917e739a90d1335ff40591c7601397c
Author: Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2022-06-24 16:09:11 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2022-06-24 16:09:11 +0000
libc/syslog: deprecate use of "/var/run/logpriv"
This additional socket was created in 2e89951b6f20 and 240d5a9b1ce76 to try workaround problems with classic PF_UNIX/SOCK_DGRAM sockets. With recent changes in kernel this trick is no longer needed, so the trick can be reverted. In syslogd(8) we would still create the socket for the next several major releases for compatibility.
Differential revision: https://reviews.freebsd.org/D35305
---
 lib/libc/gen/syslog.c | 75 ++++++++++-----------------------------------------
 1 file changed, 14 insertions(+), 61 deletions(-)
diff --git a/lib/libc/gen/syslog.c b/lib/libc/gen/syslog.c
index 50a77f651980..a466b4cbc49e 100644
--- a/lib/libc/gen/syslog.c
+++ b/lib/libc/gen/syslog.c
@@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
 #include <fcntl.h>
 #include <paths.h>
 #include <pthread.h>
+#include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -61,7 +62,7 @@ __FBSDID("$FreeBSD$");
 #define MAXLINE 8192
 static int LogFile = -1; /* fd for log */
-static int status; /* connection status */
+static bool connected; /* have done connect */
 static int opened; /* have done openlog() */
 static int LogStat = 0; /* status bits, set by openlog() */
 static const char *LogTag = NULL; /* string to tag the entry with */
@@ -85,12 +86,6 @@ static void disconnectlog(void); /* disconnect from syslogd */
 static void connectlog(void); /* (re)connect to syslogd */
 static void openlog_unlocked(const char *, int, int);
-enum {
- NOCONN = 0,
- CONNDEF,
- CONNPRIV,
-};
-
 /*
 * Format of the magic cookie passed through the stdio hook
 */
@@ -291,48 +286,19 @@ vsyslog1(int pri, const char *fmt, va_list ap)
 connectlog();
 /*
- * If the send() fails, there are two likely scenarios:
- * 1) syslogd was restarted
- * 2) /var/run/log is out of socket buffer space, which
- * in most cases means local DoS.
- * If the error does not indicate a full buffer, we address
- * case #1 by attempting to reconnect to /var/run/log[priv]
- * and resending the message once.
- *
- * If we are working with a privileged socket, the retry
- * attempts end there, because we don't want to freeze a
- * critical application like su(1) or sshd(8).
- *
- * Otherwise, we address case #2 by repeatedly retrying the
- * send() to give syslogd a chance to empty its socket buffer.
+ * If the send() failed, there are two likely scenarios:
+ * 1) syslogd was restarted. In this case make one (only) attempt
+ * to reconnect.
+ * 2) We filled our buffer due to syslogd not being able to read
+ * as fast as we write. In this case prefer to lose the current
+ * message rather than whole buffer of previously logged data.
 */
-
 if (send(LogFile, tbuf, cnt, 0) < 0) {
 if (errno != ENOBUFS) {
- /*
- * Scenario 1: syslogd was restarted
- * reconnect and resend once
- */
 disconnectlog();
 connectlog();
 if (send(LogFile, tbuf, cnt, 0) >= 0)
 return;
- /*
- * if the resend failed, fall through to
- * possible scenario 2
- */
- }
- while (errno == ENOBUFS) {
- /*
- * Scenario 2: out of socket buffer space
- * possible DoS, fail fast on a privileged
- * socket
- */
- if (status == CONNPRIV)
- break;
- _usleep(1);
- if (send(LogFile, tbuf, cnt, 0) >= 0)
- return;
 }
 } else
 return;
@@ -389,7 +355,7 @@ disconnectlog(void)
 _close(LogFile);
 LogFile = -1;
 }
- status = NOCONN; /* retry connect */
+ connected = false; /* retry connect */
 }
 /* Should be called with mutex acquired */
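Review bot: The rewritten comment in vsyslog1 says an ENOBUFS failure drops the current message, but it no longer records why there is no retry loop, nor that the drop is now silent for every caller, privileged or not. The removed text carried that rationale (not freezing su(1) or sshd(8)); one line of it is worth keeping, e.g. `* We never sleep and retry here, so callers such as su(1) or sshd(8) cannot be stalled by a full socket buffer.` Since authentication-related messages can be discarded under log pressure on this path, the comment should also state whether the code after the hunk still reports the failure anywhere. The body of vsyslog1 continues outside the hunk, so that part cannot be checked here.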
@@ -413,29 +379,16 @@ connectlog(void)
 }
 }
 }
- if (LogFile != -1 && status == NOCONN) {
+ if (!connected) {
 SyslogAddr.sun_len = sizeof(SyslogAddr);
 SyslogAddr.sun_family = AF_UNIX;
- /*
- * First try privileged socket. If no success,
- * then try default socket.
- */
- (void)strncpy(SyslogAddr.sun_path, _PATH_LOG_PRIV,
+ (void)strncpy(SyslogAddr.sun_path, _PATH_LOG,
 sizeof SyslogAddr.sun_path);
 if (_connect(LogFile, (struct sockaddr *)&SyslogAddr,
 sizeof(SyslogAddr)) != -1)
- status = CONNPRIV;
-
- if (status == NOCONN) {
- (void)strncpy(SyslogAddr.sun_path, _PATH_LOG,
- sizeof SyslogAddr.sun_path);
- if (_connect(LogFile, (struct sockaddr *)&SyslogAddr,
- sizeof(SyslogAddr)) != -1)
- status = CONNDEF;
- }
-
- if (status == NOCONN) {
+ connected = true;
+ else {
 (void)_close(LogFile);
 LogFile = -1;
 }
@@ -477,7 +430,7 @@ closelog(void)
 LogFile = -1;
 }
 LogTag = NULL;
- status = NOCONN;
+ connected = false;
 THREAD_UNLOCK();
 }
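Review bot: The new guard `if (!connected)` in connectlog drops the `LogFile != -1` test, so the `_connect(LogFile, ...)` call below it is only safe if the socket-creation code above the hunk returns on failure. That code is outside the hunk and cannot be checked here. If the early return exists, a short comment on the guard would record the invariant, e.g. `/* LogFile is a valid socket here; socket() failure returned above */`. If it does not, keep the descriptor test as `if (LogFile != -1 && !connected) {`.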