libc/syslog: deprecate use of "/var/run/logpriv"

This additional socket was created in 2e89951b6f and 240d5a9b1c to try workaround problems with classic PF_UNIX/SOCK_DGRAM sockets. With recent changes in kernel this trick is no longer needed, so the trick can be reverted. In syslogd(8) we would still create the socket for the next several major releases for compatibility. Differential revision: https://reviews.freebsd.org/D35305
2024-07-22 18:56:38 +00:00 · 2022-06-24 09:09:11 -07:00 · 2022-06-24 09:09:11 -07:00 · ddc6890519
parent f9e62cbacc
commit ddc6890519
1 changed files with 14 additions and 61 deletions
--- a/lib/libc/gen/syslog.c
+++ b/lib/libc/gen/syslog.c
@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
 #include <fcntl.h>
 #include <paths.h>
 #include <pthread.h>
+#include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@ -61,7 +62,7 @@ __FBSDID("$FreeBSD$");
 #define	MAXLINE		8192

 static int	LogFile = -1;		/* fd for log */
-static int	status;			/* connection status */
+static bool	connected;		/* have done connect */
 static int	opened;			/* have done openlog() */
 static int	LogStat = 0;		/* status bits, set by openlog() */
 static const char *LogTag = NULL;	/* string to tag the entry with */
@ -85,12 +86,6 @@ static void	disconnectlog(void); /* disconnect from syslogd */
 static void	connectlog(void);	/* (re)connect to syslogd */
 static void	openlog_unlocked(const char *, int, int);

-enum {
-	NOCONN = 0,
-	CONNDEF,
-	CONNPRIV,
-};
-
 /*
 * Format of the magic cookie passed through the stdio hook
 */
@ -291,48 +286,19 @@ vsyslog1(int pri, const char *fmt, va_list ap)
 	connectlog();

 	/*
-	 * If the send() fails, there are two likely scenarios: 
-	 *  1) syslogd was restarted
-	 *  2) /var/run/log is out of socket buffer space, which
-	 *     in most cases means local DoS.
-	 * If the error does not indicate a full buffer, we address
-	 * case #1 by attempting to reconnect to /var/run/log[priv]
-	 * and resending the message once.
-	 *
-	 * If we are working with a privileged socket, the retry
-	 * attempts end there, because we don't want to freeze a
-	 * critical application like su(1) or sshd(8).
-	 *
-	 * Otherwise, we address case #2 by repeatedly retrying the
-	 * send() to give syslogd a chance to empty its socket buffer.
+	 * If the send() failed, there are two likely scenarios:
+	 * 1) syslogd was restarted.  In this case make one (only) attempt
+	 *    to reconnect.
+	 * 2) We filled our buffer due to syslogd not being able to read
+	 *    as fast as we write.  In this case prefer to lose the current
+	 *    message rather than whole buffer of previously logged data.
 	 */
-
 	if (send(LogFile, tbuf, cnt, 0) < 0) {
 		if (errno != ENOBUFS) {
-			/*
-			 * Scenario 1: syslogd was restarted
-			 * reconnect and resend once
-			 */
 			disconnectlog();
 			connectlog();
 			if (send(LogFile, tbuf, cnt, 0) >= 0)
 				return;
-			/*
-			 * if the resend failed, fall through to
-			 * possible scenario 2
-			 */
-		}
-		while (errno == ENOBUFS) {
-			/*
-			 * Scenario 2: out of socket buffer space
-			 * possible DoS, fail fast on a privileged
-			 * socket
-			 */
-			if (status == CONNPRIV)
-				break;
-			_usleep(1);
-			if (send(LogFile, tbuf, cnt, 0) >= 0)
-				return;
 		}
 	} else
 		return;
@ -389,7 +355,7 @@ disconnectlog(void)
 		_close(LogFile);
 		LogFile = -1;
 	}
-	status = NOCONN;			/* retry connect */
+	connected = false;			/* retry connect */
 }

 /* Should be called with mutex acquired */
@ -413,29 +379,16 @@ connectlog(void)
 			}
 		}
 	}
-	if (LogFile != -1 && status == NOCONN) {
+	if (!connected) {
 		SyslogAddr.sun_len = sizeof(SyslogAddr);
 		SyslogAddr.sun_family = AF_UNIX;

-		/*
-		 * First try privileged socket. If no success,
-		 * then try default socket.
-		 */
-		(void)strncpy(SyslogAddr.sun_path, _PATH_LOG_PRIV,
+		(void)strncpy(SyslogAddr.sun_path, _PATH_LOG,
 		    sizeof SyslogAddr.sun_path);
 		if (_connect(LogFile, (struct sockaddr *)&SyslogAddr,
 		    sizeof(SyslogAddr)) != -1)
-			status = CONNPRIV;
-
-		if (status == NOCONN) {
-			(void)strncpy(SyslogAddr.sun_path, _PATH_LOG,
-			    sizeof SyslogAddr.sun_path);
-			if (_connect(LogFile, (struct sockaddr *)&SyslogAddr,
-			    sizeof(SyslogAddr)) != -1)
-				status = CONNDEF;
-		}
-
-		if (status == NOCONN) {
+			connected = true;
+		else {
 			(void)_close(LogFile);
 			LogFile = -1;
 		}
@ -477,7 +430,7 @@ closelog(void)
 		LogFile = -1;
 	}
 	LogTag = NULL;
-	status = NOCONN;
+	connected = false;
 	THREAD_UNLOCK();
 }