diff options
| author |   bluhm <bluhm@openbsd.org> | 2016-10-06 13:03:47 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2016-10-06 13:03:47 +0000 |
| commit | ece520b1ddcd66a6bbbc7e3021c52bd6ba7801f3 (patch) | |
| tree | 1d2ffaa0f4ba15719b4696b25ee61e09cdedfc31 /usr.sbin/syslogd/syslogd.c | |
| parent | init auto-partition table to zeroes; ok tb@ (diff) | |
| download | wireguard-openbsd-ece520b1ddcd66a6bbbc7e3021c52bd6ba7801f3.tar.xz wireguard-openbsd-ece520b1ddcd66a6bbbc7e3021c52bd6ba7801f3.zip | |
Do an exec on itself in the privileged syslogd(8) parent process
to reshuffle its memory layout.
Input rzalamena@; OK deraadt@
Diffstat (limited to 'usr.sbin/syslogd/syslogd.c')
| -rw-r--r-- | usr.sbin/syslogd/syslogd.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index f592164cc8e..a1e04631571 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syslogd.c,v 1.217 2016/10/06 11:24:04 bluhm Exp $ */ +/* $OpenBSD: syslogd.c,v 1.218 2016/10/06 13:03:47 bluhm Exp $ */ /* * Copyright (c) 1983, 1988, 1993, 1994 @@ -208,6 +208,7 @@ int Initialized = 0; /* set when we have initialized ourselves */ int MarkInterval = 20 * 60; /* interval between marks in seconds */ int MarkSeq = 0; /* mark sequence number */ +int PrivChild = 0; /* Exec the privileged parent process */ int SecureMode = 1; /* when true, speak only unix domain socks */ int NoDNS = 0; /* when true, will refrain from doing DNS lookups */ int ZuluTime = 0; /* display date and time in UTC ISO format */ @@ -359,7 +360,7 @@ main(int argc, char *argv[]) int ch, i; int lockpipe[2] = { -1, -1}, pair[2], nullfd, fd; - while ((ch = getopt(argc, argv, "46a:C:c:dFf:hK:k:m:np:S:s:T:U:uVZ")) + while ((ch = getopt(argc, argv, "46a:C:c:dFf:hK:k:m:nP:p:S:s:T:U:uVZ")) != -1) switch (ch) { case '4': /* disable IPv6 */ @@ -406,6 +407,11 @@ main(int argc, char *argv[]) case 'n': /* don't do DNS lookups */ NoDNS = 1; break; + case 'P': /* used internally, exec the parent */ + PrivChild = strtonum(optarg, 2, INT_MAX, &errstr); + if (errstr) + errx(1, "priv child %s: %s", errstr, optarg); + break; case 'p': /* path */ path_unix[0] = optarg; break; @@ -445,7 +451,7 @@ main(int argc, char *argv[]) default: usage(); } - if ((argc -= optind) != 0) + if (argc != optind) usage(); if (Debug) @@ -463,6 +469,9 @@ main(int argc, char *argv[]) } } + if (PrivChild > 1) + priv_exec(ConfFile, NoDNS, PrivChild, argc, argv); + consfile.f_type = F_CONSOLE; (void)strlcpy(consfile.f_un.f_fname, ctty, sizeof(consfile.f_un.f_fname)); @@ -695,8 +704,7 @@ main(int argc, char *argv[]) } /* Privilege separation begins here */ - if (priv_init(ConfFile, NoDNS, lockpipe[1], nullfd, argv) < 0) - errx(1, "unable to privsep"); + priv_init(lockpipe[1], nullfd, argc, argv); if (pledge("stdio unix inet recvfd", NULL) == -1) err(1, "pledge"); |