Re: Bug#126750: klogd should optionally be started from init(8)

To: Henrique de Moraes Holschuh <hmh@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#126750: klogd should optionally be started from init(8)
From: Dominik Kubla <kubla@sciobyte.de>
Date: Sun, 30 Dec 2001 23:45:38 +0100
Message-id: <[🔎] 20011230224538.GA1692@duron.intern.kubla.de>
In-reply-to: <[🔎] 20011230201336.A2416@khazad-dum>
References: <[🔎] 20011229202322.A7540@khazad-dum> <[🔎] 20011229214727.C7540@khazad-dum> <[🔎] 20011230000347.GA3774@duron.intern.kubla.de> <[🔎] 20011230004349.9CF1416978@lyta.coker.com.au> <[🔎] 20011229230239.A13179@khazad-dum> <[🔎] 20011230141855.GC3774@duron.intern.kubla.de> <[🔎] 20011230201336.A2416@khazad-dum>

On Sun, Dec 30, 2001 at 08:13:36PM -0200, Henrique de Moraes Holschuh wrote:

Just to make that clear: I didn't want to imply that you were stupid. 

> I want the LOGGING daemons (i.e. only syslog and klogd), which ALREADY run
> as root, to be restarted should they die. Due to OOM killer, due to
> segfaults. Whatever.

It could be argued that those need not be run as root. All they need
are the necessary capabilities:

Open a low port for syslogd (only if you allow remote logging) and
read the kernel message buffer for klogd. That is not too difficult
to archieve. OTOH does a syslogd running as root offer the possibility
of a local or even remote root exploit. That is the reason Debian
ships with remote logging disabled by default. With a proper setup and
a little setuid root wrapper they can perfectly run as daemon. And with
fs-based POSIX capabilites you don't even need the wrapper.

BTW. I still don't see a need for a special treatment of the logging
daemons. If they fail, they fail. The system still works. But if they
are not killed by OOM because of an excemption the system might kill
the nfs daemon or the sendmail process.  So where do you draw the line?
Keep in mind that if the system is so resource starved that the OOM
mechanism kicks in, the failing processes might not be able to log
anything meaningful anyway.

Dominik Kubla
-- 
ScioByte GmbH    Zum Schiersteiner Grund 2     55127 Mainz (Germany)
Phone: +49 700 724 629 83                    Fax: +49 700 724 629 84
1024D/717F16BB    A384 F5F1 F566 5716 5485  27EF 3B00 C007 717F 16BB

Reply to:

Follow-Ups:
- Re: Bug#126750: klogd should optionally be started from init(8)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

References:
- Re: Bug#126750: klogd should optionally be started from init(8)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Bug#126750: klogd should optionally be started from init(8)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Bug#126750: klogd should optionally be started from init(8)
  - From: Dominik Kubla <kubla@sciobyte.de>
- Re: Bug#126750: klogd should optionally be started from init(8)
  - From: Russell Coker <russell@coker.com.au>
- Re: Bug#126750: klogd should optionally be started from init(8)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Bug#126750: klogd should optionally be started from init(8)
  - From: Dominik Kubla <kubla@sciobyte.de>
- Re: Bug#126750: klogd should optionally be started from init(8)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: Bug#126750: klogd should optionally be started from init(8)
Next by Date: Re: Bug#126750: klogd should optionally be started from init(8)
Previous by thread: Re: Bug#126750: klogd should optionally be started from init(8)
Next by thread: Re: Bug#126750: klogd should optionally be started from init(8)
Index(es):
- Date
- Thread