
Added casper service to logger
ClosedPublic

Authored by tig_freebsdfoundation.org on Feb 18 2020, 6:21 PM.

Details

Summary

Sandboxed the majority of the program (enter cap mode after getopt and socket setup).
Logger now uses cap_openlog, cap_syslog instead of openlog, syslog.

Test Plan
$ ./log.sh
rm -f .depend
echo logger.full: /usr/lib/libc.a /usr/lib/libm.a   >> .depend
cc  -O2 -pipe   -DINET6 -DWITH_CASPER -g -MD  -MF.depend.logger.o -MTlogger.o -std=gnu99 -Wno-format-zero-length -fstack-protector-strong -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -Wmissing-variable-declarations -Wthread-safety -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable  -Qunused-arguments    -c /usr/home/tig/freebsd-1/usr.bin/logger/logger.c -o logger.o
cc -O2 -pipe -DINET6 -DWITH_CASPER -g -std=gnu99 -Wno-format-zero-length -fstack-protector-strong -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -Wmissing-variable-declarations -Wthread-safety -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Qunused-arguments    -o logger.full logger.o  -L/usr/obj/usr/home/tig/freebsd-1/amd64.amd64/lib/msun -lm -L/usr/obj/usr/home/tig/freebsd-1/amd64.amd64/lib/libcasper/libcasper -lcasper -L/usr/obj/usr/home/tig/freebsd-1/amd64.amd64/lib/libcasper/services/cap_syslog -lcap_syslog 
objcopy --only-keep-debug logger.full logger.debug
objcopy --strip-debug --add-gnu-debuglink=logger.debug  logger.full logger
Password:
install  -s -o root -g wheel -m 555   logger /usr/bin/logger
install  -o root -g wheel -m 444  logger.debug /usr/lib/debug/usr/bin/logger.debug
install  -o root -g wheel -m 444 logger.1.gz  /usr/share/man/man1/
$ logger asdfa
$ tail -n 5 /var/log/messages 
Feb 18 12:54:55 tiger_1 root[3389]: xd
Feb 18 12:55:30 tiger_1 root[3483]: xd
Feb 18 12:57:57 tiger_1 root[3568]: xd
Feb 18 13:12:13 tiger_1 root[3756]: asdf
Feb 18 13:18:45 tiger_1 root[3897]: asdfa

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

usr.bin/logger/logger.c
186 ↗(On Diff #68498)

optarg may not point at the argument any longer - for example a command line of -p foo -S bar will have optarg pointing to bar at this point.

emaste added inline comments.
usr.bin/logger/logger.c
186 ↗(On Diff #68498)

Oops - ch will also not still be 'p'.
Probably initialize pristr to NULL and make this if (pristr != NULL) pri = ...

tig_freebsdfoundation.org added inline comments.
usr.bin/logger/logger.c
186 ↗(On Diff #68498)

oops. Fixed

usr.bin/logger/Makefile
12 ↗(On Diff #68533)

.if ${MK_CASPER} ...

See usr.bin/wc/Makefile for example.
Some ppl are building FreeBSD without Casper.

usr.bin/logger/logger.c
180 ↗(On Diff #68533)

You don't want to use caph_enter?

181 ↗(On Diff #68533)

Style error.

Some more notes.

usr.bin/logger/logger.c
83 ↗(On Diff #68533)

There is no need for capcas to be global.

195 ↗(On Diff #68533)

You have to move this or read the tzdata.
See caph_cache_tzdata.

255 ↗(On Diff #68533)

Those err means you probably want NLS.
See caph_cache_catpages.

tig_freebsdfoundation.org added inline comments.
usr.bin/logger/logger.c
180 ↗(On Diff #68533)

Is there a difference?

181 ↗(On Diff #68533)

Fixed.

tig_freebsdfoundation.org added inline comments.
usr.bin/logger/logger.c
195 ↗(On Diff #68533)

Added caph_cache_tzdata()

255 ↗(On Diff #68533)

Added caph_cache_catpages

tig_freebsdfoundation.org added inline comments.
usr.bin/logger/logger.c
83 ↗(On Diff #68533)

Fixed.

Any further comments? If not, feel free to accept this revision.

If you want I can commit this for you.

usr.bin/logger/logger.c
184 ↗(On Diff #68544)

Now you don't have to check for errno.

180 ↗(On Diff #68533)

Yes. The difference is that the cap_enter syscall may not be built into the system, and then you have to check for errno != ENOSYS; otherwise the tool will not work on systems without CAPSICUM. caph_* hides it from you.

This revision is now accepted and ready to land. (Mar 11 2020, 2:18 PM)

Yes that would be great. Please go ahead.

@oshogbo please tag with Sponsored by: The FreeBSD Foundation

This revision was automatically updated to reflect the committed changes.