FS#22153 - [syslog-ng] create /dev/log as a unix-dgram socket instead of stream
Attached to Project:
Arch Linux
Opened by Dave Reisner (falconindy) - Monday, 20 December 2010, 13:56 GMT
Last edited by Eric Belanger (Snowman) - Monday, 14 February 2011, 05:24 GMT
Details
We currently ship a syslog-ng.conf file which opens /dev/log
as a stream socket instead of a datagram socket. I would
like to propose that we change this to a unix-dgram. This is
a very simple change and only requires modifying a single
line in the conf file that we ship.
Rationale:
1) Security -- /dev/log used to be a stream socket by default, circa 1999. Unfortunately, I can't get a link to the security issue in question, because the site is currently down, but [1] has a reference to it. glibc (as of libc6) by default will always try to open /dev/log as a DGRAM socket first.
2) Lower overhead -- Balazs Scheidler, the maintainer of syslog-ng, wrongly claims in the syslog-ng FAQ [2] that a SOCK_STREAM is "better" because it doesn't lose messages like a SOCK_DGRAM. He corrects himself [3], as the Linux implementation of SOCK_DGRAM type unix socket is not actually prone to losing data.
3) Many other major implementations of system loggers (such as rsyslog or klogd) use a DGRAM socket.

[1] http://marc.info/?l=syslog-ng&m=110742184716042&w=2
[2] http://www.campin.net/syslog-ng/faq.html#AEN191
[3] https://lists.balabit.hu/pipermail/syslog-ng/2008-April/011605.html
Closed by Eric Belanger (Snowman)
Monday, 14 February 2011, 05:24 GMT
Reason for closing: Implemented
Additional comments about closing: syslog-ng 3.2.2-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384802
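A way to check which socket type a logger actually exposes, added here as an example and not part of the original report or of syslog-ng: it tries a datagram connect first and falls back to stream, the order the report attributes to glibc. The function names are hypothetical, and the code assumes Linux, where connecting with the wrong AF_UNIX type fails with EPROTOTYPE.

```python
import errno
import os
import socket
import tempfile


def probe_log_socket(path="/dev/log"):
    """Return 'dgram' or 'stream' for the listener at path, or None if unreachable."""
    for name, kind in (("dgram", socket.SOCK_DGRAM), ("stream", socket.SOCK_STREAM)):
        s = socket.socket(socket.AF_UNIX, kind)
        try:
            s.connect(path)
            return name
        except OSError as exc:
            # EPROTOTYPE: something is bound there, but as the other type.
            # Anything else (missing path, refused, permissions) ends the probe.
            if exc.errno != errno.EPROTOTYPE:
                return None
        finally:
            s.close()
    return None


def make_listener(path, kind):
    """Bind a constructed test socket that stands in for the logger's /dev/log."""
    s = socket.socket(socket.AF_UNIX, kind)
    s.bind(path)
    if kind == socket.SOCK_STREAM:
        s.listen(1)
    return s


if __name__ == "__main__":
    # Constructed sockets in a temp directory, so the demo runs without a logger.
    tmp = tempfile.mkdtemp()
    listeners = []
    for label, kind in (("dgram", socket.SOCK_DGRAM), ("stream", socket.SOCK_STREAM)):
        p = os.path.join(tmp, label + ".sock")
        listeners.append(make_listener(p, kind))
        print(p, "->", probe_log_socket(p))
    # The real socket, if a logger is running on this host.
    print("/dev/log ->", probe_log_socket("/dev/log"))
    for s in listeners:
        s.close()
```

A result of 'stream' on /dev/log means the shipped source is still the stream variant and clients only reach it through the fallback.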