Re: syslog/udp

[proff () suburbia apana org au (Julian Assange)]

> > The problem is that syslogd will accept any message from anywhere
> > on the net. If you have to accept messages from your local net,
> > this fix is not useful -- if you're only logging things on your
> > local machine (i.e. all programs logging are using syslog(3)),
> > then you can disable logging over UDP.
>
> Even worse its only UDP packets, *very very* easy to forge
> so that you cant even trust the IP address in them.
>
> > > How can we, who are without source code, change this behavior?
> >
> > You can get the Berkeley syslogd code, which is in all likelyhood
> > compatible with your current syslogd.
>
> I'm afraid this is not the case.  To compile BSD's syslogd
> code you will have to collect syslogd and rwalld sources and
> will have to find (or rewrite your own) the daemon() call (I
> assume this takes you off the tty and forks and has the parent
> return).  Sun's syslogd has at least one feature that the BSD
> version does not.  It doesnt open the syslog.conf for reading
> directly but rather pipes it through the 'm4' macro processor
> with the LOGHOST variable set if loghost's address is the same
> as one of the machines net interfaces.  This allows you to use
> the same syslog.conf file on loghost and non-loghost machines.
> With BSD's syslog you would have to remove the if() lines in
> the syslog.conf and make two seperate files.

my version of daemon():

void daemon()
{
        close(0);
        close(1);
        close(2);
        setsid();
        if (fork()) _exit(0);
}

- Julian.