syslog-ng 1.1.24 - syslog-ng - lists.balabit.hu

newer
syslog-ng and solaris again

syslog-ng 1.1.24

older
Re: syslog-ng digest, Vol 1 #39 -...

Balazs Scheidler

10 Jun 1999 10 Jun '99

1:42 p.m.

Hi, This release fixes the solaris compilation bugs. Nothing else is changed now. -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu

Show replies by date

Rob Cermak

10 Jun 10 Jun

3:58 p.m.

I hunted down the scheme shell and installed it. Grabbed the .24 and compiled. Still segv on attempts to log any message in Solaris 2.6. I'm currently using tcp_wrappers, just wondering if that has any side effects. I can cause syslog-ng to dump when I telnet from a machine that does not have access -- thus causing a security message to be sent to the logger. Looks like null pointer information being passed to c_format in afdoor.c: coquille{root}157: gdb /usr/local/sbin/syslog-ng GNU gdb 4.17 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "sparc-sun-solaris2.6"... (gdb) run -d -v -f /etc/syslog-ng.conf Starting program: /usr/local/sbin/syslog-ng -d -v -f /etc/syslog-ng.conf [New LWP 2 ] [New LWP 3 ] [New LWP 4 ] syslog-ng version 1.1.24 starting [New LWP 5 ] [New LWP 6 ] Program received signal SIGSEGV, Segmentation fault. [Switching to LWP 4 ] Program received signal SIGSEGV, Segmentation fault. 0x1e4c4 in c_vformat_length () (gdb) where #0 0x1e4c4 in c_vformat_length () #1 0x1e440 in c_format () #2 0x1c3e0 in afdoor_server_proc (cookie=0x4d060, argp=0x0, arg_size=0, dp=0x0, n_desc=0) at afdoor.c:54 This is the the current conf file I'm using for the syslog-ng.conf: # Setup global options options { sync(10); }; # Setup source pipes source src { sun-door /etc/.syslog_door; internal; }; # Setup destination pipes destination everything { file /var/log/sys sync(2); }; # Connect log pipes from source to destination log { source src; destination everything; }; Rob

Balazs Scheidler

4:18 p.m.

On Thu, Jun 10, 1999 at 09:58:07AM -0400, Rob Cermak wrote:

I hunted down the scheme shell and installed it. Grabbed the .24 and compiled. Still segv on attempts to log any message in Solaris 2.6.

I'm currently using tcp_wrappers, just wondering if that has any side effects. I can cause syslog-ng to dump when I telnet from a machine that does not have access -- thus causing a security message to be sent to the logger.

Looks like null pointer information being passed to c_format in afdoor.c:

please try the following patch. diff -urN syslog-ng-1.1.24/src/afdoor.c syslog-ng-1.1.25/src/afdoor.c --- syslog-ng-1.1.24/src/afdoor.c Sun Jun 6 13:36:17 1999 +++ syslog-ng-1.1.25/src/afdoor.c Thu Jun 10 16:13:20 1999 @@ -51,8 +51,10 @@ void afdoor_server_proc(void *cookie, char *argp, size_t arg_size, door_desc_t *dp, size_t n_desc) { CAST(afdoor_source, handler, cookie); - struct log_info *msg = make_log_info(c_format(argp, arg_size)); - HANDLE_LOG(handler, msg); + if (argp) { + struct log_info *msg = make_log_info(c_format("%z", argp, arg_size)); + HANDLE_LOG(handler, msg); + } } static int do_init_afdoor_source(struct log_handler *c, struct syslog_conf *cfg) -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu

Rob Cermak

7:17 p.m.

That patch is holding. Logging seems to be working, but nothing appears in the log file. syslog-ng did create the file. -rw------- 1 root daemon 0 Jun 9 15:28 sys (gdb) run -d -v -f /etc/syslog-ng.conf Starting program: /usr/local/sbin/syslog-ng -d -v -f /etc/syslog-ng.conf [New LWP 2 ] [New LWP 3 ] [New LWP 4 ] syslog-ng version 1.1.24 starting [New LWP 5 ] [New LWP 6 ] [New LWP 7 ] [New LWP 8 ] [New LWP 9 ] [New LWP 10 ] [New LWP 11 ] [New LWP 12 ] [New LWP 13 ] [New LWP 14 ] A new LWP line appears for each telnet/etc attempt. Sending a SIGHUP. Program received signal SIGHUP, Hangup. 0xef637368 in poll () (gdb) cont Continuing. SIGHUP received, restarting syslog-ng new configuration initialized The restart message is not seen in /var/log/sys. /etc/syslog-ng.conf # Setup global options options { sync(10); }; # Setup source pipes source src { sun-door /etc/.syslog_door; internal; }; # Setup destination pipes destination everything { file /var/log/sys sync(2); }; # Connect log pipes from source to destination log { source src; destination everything; };

Balazs Scheidler

8:29 p.m.

On Thu, Jun 10, 1999 at 01:17:55PM -0400, Rob Cermak wrote:

That patch is holding. Logging seems to be working, but nothing appears in the log file. syslog-ng did create the file.

-rw------- 1 root daemon 0 Jun 9 15:28 sys

(gdb) run -d -v -f /etc/syslog-ng.conf Starting program: /usr/local/sbin/syslog-ng -d -v -f /etc/syslog-ng.conf [New LWP 2 ] [New LWP 3 ] [New LWP 4 ] syslog-ng version 1.1.24 starting [New LWP 5 ] [New LWP 6 ] [New LWP 7 ] [New LWP 8 ] [New LWP 9 ] [New LWP 10 ] [New LWP 11 ] [New LWP 12 ] [New LWP 13 ] [New LWP 14 ]

A new LWP line appears for each telnet/etc attempt.

Sending a SIGHUP.

Program received signal SIGHUP, Hangup. 0xef637368 in poll () (gdb) cont Continuing. SIGHUP received, restarting syslog-ng new configuration initialized

The restart message is not seen in /var/log/sys.

if you add -d to the command line it will _NOT_ write its internal messages to the log file only to the console. Could you please put a breakpoint to afdoor_server_proc, and check its parameters when log messages arrive? afdoor_server_proc has the following parameters: void afdoor_server_proc(void *cookie, char *argp, size_t arg_size, door_desc_t *dp, size_t n_desc) * cookie is a parameter can be passed to this callback function, it contains the pointer of the afdoor_source pointer * argp should contain the log message itself * arg_size is the number of characters in argp * dp is an array of n_desc elements, which may contain additional arguments The log message itself should be pointed by argp. void afdoor_server_proc(void *cookie, char *argp, size_t arg_size, door_desc_t *dp, size_t n_desc) { CAST(afdoor_source, handler, cookie); if (argp) { struct log_info *msg = make_log_info(c_format("%z", argp, arg_size)); HANDLE_LOG(handler, msg); } door_return(NULL, 0, NULL, 0); } Please add the last line of this function to your afdoor.c (the one with the door_return invocation) -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu

Balazs Scheidler

9:11 p.m.

Could you please put a breakpoint to afdoor_server_proc, and check its parameters when log messages arrive?

I could find a way to test door functionality without root privileges on a solaris 2.6 box. (I extracted syslog.o from libc.a, edited it so that it tries to open etc/.syslog_door instead of /etc/.syslog_door, and created the door under the local directory, and wrote a simple syslog client.) The problem is that all parameters passed to my door server procedure are NULL all the time (except for cookie). The reason for this is unknown. -- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu

Jubal Kessler

11 Jun 11 Jun

6:26 a.m.

New subject: scsh (scheme shell) website

Quick note: You can download scsh (scheme shell) from the official website, at: http://www-swiss.ai.mit.edu/scsh/ --- Jubal Kessler, Systems Administrator, interQ Incorporated Key Fingerprint: 5D32 BEB1 8E4B B454 6B9A FDCD 2D4C 19DD 9B47 7DC4

Jubal Kessler

10:31 a.m.

Well, I've compiled syslog-ng 1.2.24 along with libol 0.1.19, and still get the same results as I did with 1.2.22 and 0.1.18. syslog-ng cores after about 60 seconds. The configuration file works, as I can see four separate logfiles being generated. It just quits. Here is the gdb output: (gdb) run -d -v -f /etc/syslog-ng.conf Starting program: /usr/local/sbin/syslog-ng -d -v -f /etc/syslog-ng.conf [New LWP 2 ] [New LWP 3 ] [New LWP 4 ] syslog-ng version 1.1.24 starting [New LWP 5 ] [New LWP 6 ] Program received signal SIGSEGV, Segmentation fault. [Switching to LWP 4 ] Program received signal SIGSEGV, Segmentation fault. 0x1a840 in c_vformat_length () (gdb) where #0 0x1a840 in c_vformat_length () #1 0x1a7bc in c_format () #2 0x19628 in afdoor_server_proc () Same thing Rob Cermak noticed with his copy. I'm running Solaris 7.0 -- only difference between his copy and mine is that I am not logging any internal syslog messages, only those from external hosts. Also, I had an error when compiling, involving make_class. Strangely enough it does not occur on a stock compile of 1.2.24, but when I modified src/afdoor.c with the if (argp) { .. }, I get the "make_class: not found" error. The file afdoor.c.x is 0 bytes. I copied over a complete src/afdoor.c.x file (548 bytes) from the stock install dir and the compile works. scsh is installed.... I have tried running 1.2.24 with and without the subsequent modifications to afdoor.c. Anything else I can try? --Jubal --- Jubal Kessler, Systems Administrator, interQ Incorporated Key Fingerprint: 5D32 BEB1 8E4B B454 6B9A FDCD 2D4C 19DD 9B47 7DC4

Rob Cermak

2:19 p.m.

New subject: make_class/segv

I hit segv's early on. A patched .24 version works but as Bazsi and I have found, Sun is playing games again. Grab and install this package scsh-0.5.1.tar.gz before compileing libol. Libol uses scheme shell to do some what looks like to be object oriented extentions to the C langugage :) ** Looks like you did this; make sure its in your path and that libol knows about it. # head /usr/local/bin/make_class #! /usr/local/bin/scsh \ -e main -s I also got the same message because it wasn't able to find scsh. Bazsi sent a message out, which I confirmed, that argp being sent back from the afdoor fucntion is NULL. I've been scouring the 'net for syslog_door stuff. I haven't come up with anything reasonable yet. coquille{root}242: gdb ./syslog-ng GNU gdb 4.17 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "sparc-sun-solaris2.6"... (gdb) run -f /etc/syslog-ng.conf Starting program: /h0/cermak/src/syslog-ng-1.1.24/src/./syslog-ng -f /etc/syslog-ng.conf [New LWP 2 ] [New LWP 3 ] [New LWP 4 ] ** Is this normal?? then I have to hunt to the forked proc id ** Program received signal SIGTERM, Terminated. 0xef6372ec in _pause () (gdb) break afdoor_server_proc Breakpoint 1 at 0x1c3e4: file afdoor.c, line 53. (gdb) cont Continuing. Program exited normally. (gdb) attach 1043 Attaching to program `/h0/cermak/src/syslog-ng-1.1.24/src/./syslog-ng', process 1043 Symbols already loaded for /usr/lib/libpthread.so.1 Symbols already loaded for /usr/lib/libdoor.so.1 Symbols already loaded for /usr/lib/libsocket.so.1 Symbols already loaded for /usr/lib/libnsl.so.1 Symbols already loaded for /usr/lib/libxnet.so.1 Symbols already loaded for /usr/lib/libc.so.1 Symbols already loaded for /usr/lib/libdl.so.1 Symbols already loaded for /usr/lib/libmp.so.2 Symbols already loaded for /usr/lib/libthread.so.1 sol-thread active. Symbols already loaded for /usr/lib/libpthread.so.1 Symbols already loaded for /usr/lib/libdoor.so.1 Symbols already loaded for /usr/lib/libsocket.so.1 Symbols already loaded for /usr/lib/libnsl.so.1 Symbols already loaded for /usr/lib/libxnet.so.1 Symbols already loaded for /usr/lib/libc.so.1 Symbols already loaded for /usr/lib/libdl.so.1 Symbols already loaded for /usr/lib/libmp.so.2 Symbols already loaded for /usr/lib/libthread.so.1 0xef636904 in door_restart () (gdb) cont Continuing. [New LWP 5 ] Breakpoint 1, afdoor_server_proc (cookie=0x4d0d0, argp=0x0, arg_size=0, dp=0x0, n_desc=0) at afdoor.c:53 53 CAST(afdoor_source, handler, cookie); Messages should be in argp... but that isn't the case. I confirmed that door_create and fattach were working. fattach returns a value of 3. Maybe I'll post a message to our system group to see if anybody knows more about these doors. Rob

Rob Cermak

2:28 p.m.

New subject: make_class/segv

Correcting myself, The file descriptor returned from create_door is 3. The return value for fattach is 0 (zero). Which according to the man_pages is good. Rob

Balazs Scheidler

13 Jun 13 Jun

9:09 p.m.

New subject: make_class/segv

compileing libol. Libol uses scheme shell to do some what looks like to be object oriented extentions to the C langugage :)

make_class provides some low-level OOP and a garbage collector.

Bazsi sent a message out, which I confirmed, that argp being sent back from the afdoor fucntion is NULL.

I've been scouring the 'net for syslog_door stuff. I haven't come up with anything reasonable yet.

I now tried syslog-1.0.4, which _did_ work (and is working at a couple of places), but it gets NULLs too. This is at least _very_ strange.

/etc/syslog-ng.conf [New LWP 2 ] [New LWP 3 ] [New LWP 4 ]

** Is this normal?? then I have to hunt to the forked proc id **

syslog-ng goes to background by forking and waiting for a SIGTERM signal to be sent. The child sends this SIGTERM signal when the initialization is complete. -- Bazsi

9613

Age (days ago)

9616

Last active (days ago)

Download

10 comments

4 participants

tags

participants (4)

Balazs Scheidler
Jubal Kessler
Rob Cermak
Rob Cermak