Date: Mon, 12 Sep 2011 06:41:13 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r225504 - stable/8/usr.sbin/syslogd Message-ID: <201109120641.p8C6fDrn014118@svn.freebsd.org>
Author: delphij Date: Mon Sep 12 06:41:13 2011 New Revision: 225504 URL: http://svn.freebsd.org/changeset/base/225504 Log: MFC r224002: Add a new option, -N to disable the default and recommended syslogd(8) behavior, which binds to the well known UDP port. This option implies -s. Modified: stable/8/usr.sbin/syslogd/syslogd.8 stable/8/usr.sbin/syslogd/syslogd.c Directory Properties: stable/8/usr.sbin/syslogd/ (props changed) Modified: stable/8/usr.sbin/syslogd/syslogd.8 ============================================================================== --- stable/8/usr.sbin/syslogd/syslogd.8 Mon Sep 12 04:56:48 2011 (r225503) +++ stable/8/usr.sbin/syslogd/syslogd.8 Mon Sep 12 06:41:13 2011 (r225504) @@ -36,7 +36,7 @@ .Nd log systems messages .Sh SYNOPSIS .Nm -.Op Fl 468ACcdknosuv +.Op Fl 468ACcdkNnosuv .Op Fl a Ar allowed_peer .Op Fl b Ar bind_address .Op Fl f Ar config_file @@ -208,6 +208,13 @@ facility is reserved for messages read d Select the number of minutes between .Dq mark messages; the default is 20 minutes. +.It Fl N +Disable binding on UDP sockets. RFC 3164 recommends that outgoing +syslogd messages should originate from the privileged port, this +option +.Em disables +the recommended behavior. This option inherits +.Fl s . .It Fl n Disable dns query for every request. .It Fl o Modified: stable/8/usr.sbin/syslogd/syslogd.c ============================================================================== --- stable/8/usr.sbin/syslogd/syslogd.c Mon Sep 12 04:56:48 2011 (r225503) +++ stable/8/usr.sbin/syslogd/syslogd.c Mon Sep 12 06:41:13 2011 (r225504) 
@@ -278,6 +278,7 @@ static int fklog = -1; /* /dev/klog */
 static int Initialized; /* set when we have initialized ourselves */
 static int MarkInterval = 20 * 60; /* interval between marks in seconds */
 static int MarkSeq; /* mark sequence number */
+static int NoBind; /* don't bind() as suggested by RFC 3164 */
 static int SecureMode; /* when true, receive only unix domain socks */
 #ifdef INET6
 static int family = PF_UNSPEC; /* protocol family (IPv4, IPv6 or both) */
@@ -357,7 +358,7 @@ main(int argc, char *argv[])
 dprintf("madvise() failed: %s\n", strerror(errno));
 bindhostname = NULL;
- while ((ch = getopt(argc, argv, "468Aa:b:cCdf:kl:m:nop:P:sS:Tuv"))
+ while ((ch = getopt(argc, argv, "468Aa:b:cCdf:kl:m:nNop:P:sS:Tuv"))
 != -1)
 switch (ch) {
 case '4':
@@ -436,6 +437,10 @@ main(int argc, char *argv[])
 case 'm': /* mark interval */
 MarkInterval = atoi(optarg) * 60;
 break;
+ case 'N':
+ NoBind = 1;
+ SecureMode = 1;
+ break;
 case 'n':
 resolve = 0;
 break;
@@ -2662,13 +2667,24 @@ socksetup(int af, const char *bindhostna
 close(*s);
 continue;
 }
- if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) {
- close(*s);
- logerror("bind");
- continue;
- }
+ /*
+ * RFC 3164 recommends that client side message
+ * should come from the privileged syslogd port.
+ *
+ * If the system administrator choose not to obey
+ * this, we can skip the bind() step so that the
+ * system will choose a port for us.
+ */
+ if (!NoBind) {
+ if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) {
+ close(*s);
+ logerror("bind");
+ continue;
+ }
- double_rbuf(*s);
+ if (!SecureMode)
+ double_rbuf(*s);
+ }
 (*socks)++;
 s++;
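Review bot: The comment on the new `NoBind` declaration reads as though RFC 3164 suggests not calling bind(), when the RFC recommends the opposite and `-N` is the opt-out. A wording that states what the flag does would avoid the ambiguity: `static int NoBind; /* -N: skip bind(), ignoring RFC 3164's privileged-port advice */`. The man page hunk already phrases it that way ("this option disables the recommended behavior"), so the code comment should agree with it.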
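Review bot: The socksetup() hunk also changes behaviour for plain `-s`, not only for `-N`: `double_rbuf(*s)` used to run unconditionally and is now skipped whenever `SecureMode` is set, and the log message does not mention that. The declaration comment says SecureMode means "receive only unix domain socks", so skipping the receive-buffer doubling on a send-only inet socket looks intentional, but a comment on the new line would stop the next reader from treating it as an accident, e.g. `if (!SecureMode) /* send-only in secure mode; no receive buffer needed */`. Under `-N` the socket stays unbound, so the source port is chosen by the kernel at first send and receivers that enforce the RFC 3164 source-port convention may discard the messages; the man page covers this, and a one-line comment at `if (!NoBind)` pointing at the `-N` description would tie the two together. socksetup() begins and ends outside this hunk.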