[Dnsmasq-discuss] logging to stderr
richardvoigt at gmail.com
Fri May 7 15:48:13 BST 2010
On Fri, May 7, 2010 at 7:56 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> clemens fischer wrote:
>> Hi,
>>
>> 'uname -rims' -> Linux 2.6.33.3-spott i686 AuthenticAMD
>> dnsmasq version is 2.52 compiled with default options.
>>
>> I'm running dnsmasq supervised[1]. I want _all_ logging to go to
>> stderr, but root privilege is not needed. My system isn't loaded much
>> and currently I only need the DHCP server part. This is for serving
>> DHCP data to virtualbox'es.
>>
>> There is the "-d" option to have all logging on stderr, which is
>> helpful, but I'm uncomfortable with risking root. Normally I'd look for
>> the place where logfile-name and log-fd are connected, insert a check if
>> the length of the name is one and its value equal to '-' and return
>> STDERR_FILENO as the fd. With dnsmasq's code it's not that easy (for
>> me).
>>
>> $ hg diff
>> diff --git a/dnsmasq-2.52/src/dnsmasq.c b/dnsmasq-2.52/src/dnsmasq.c
>> --- a/dnsmasq-2.52/src/dnsmasq.c
>> +++ b/dnsmasq-2.52/src/dnsmasq.c
>> @@ -348,7 +348,9 @@ int main (int argc, char **argv)
>> /* open stdout etc to /dev/null */
>> nullfd = open("/dev/null", O_RDWR);
>> dup2(nullfd, STDOUT_FILENO);
>> + /* -ino: 100506-2119
>> dup2(nullfd, STDERR_FILENO);
>> + */
>> dup2(nullfd, STDIN_FILENO);
>> close(nullfd);
>> }
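Review bot: Commenting out `dup2(nullfd, STDERR_FILENO)` is unconditional, so fd 2 stays attached to whatever the launcher passed in for every configuration, not only when logging to stderr was requested. Make the call conditional on the log target being stderr, for example `if (!log_to_stderr) dup2(nullfd, STDERR_FILENO);` (flag name hypothetical), and replace the `-ino: 100506-2119` marker with a comment that says why stderr is left open.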
>>
>> This is my rough work-around, it lets me do this:
>>
>> 09:42:02.26 + exec /usr/local/sbin/dnsmasq -C /etc/dnsmasq.conf \
>> -u nobody -g nobody -p 0 --log-dhcp --log-facility=/dev/fd/2 --log-async=0 -k
>> 09:42:02.34 May 7 11:42:02 dnsmasq[2288]: started, version 2.52 DNS disabled
>> 09:42:02.34 May 7 11:42:02 dnsmasq[2288]: compile time options: \
>> IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP
>> 09:42:02.34 May 7 11:42:02 dnsmasq-dhcp[2288]: DHCP, \
>> IP range 192.168.7.50 -- 192.168.7.150, lease time 12h
>>
>> It obviously works, but I'm unable to provide a better patch right now.
>> Has somebody something better regarding security and checking for
>> a magic filename? I know that the dup2() call is there for a reason,
>> possibly isolating dhcp scripts from dnsmasq's processing, but my patch
>> was the simplest I could come up with. OTOH I can well imagine other
>> people having the same problem, so the functionality might have its
>> place in the code base.
>>
>> [1] http://smarden.org/runit/
>>
>>
>> Regards, Clemens
>>
>>
>
> Would it be possible to use a named pipe as the target for
> --log-facility, and read from that?
Isn't /proc/self/fd/2 the "name" for stderr?
>
>
> Cheers,
>
> Simon.
>
>