[Dnsmasq-discuss] logging to stderr
clemens fischer
ino-news at spotteswoode.dnsalias.org
Fri May 7 11:51:19 BST 2010
Hi,

'uname -rims' -> Linux 2.6.33.3-spott i686 AuthenticAMD
dnsmasq version is 2.52 compiled with default options.

I'm running dnsmasq supervised[1]. I want _all_ logging to go to
stderr, but root privilege is not needed. My system isn't loaded much
and currently I only need the DHCP server part. This is for serving
DHCP data to virtualbox'es.

There is the "-d" option to have all logging on stderr, which is
helpful, but I'm uncomfortable with risking root. Normally I'd look for
the place where logfile-name and log-fd are connected, insert a check if
the length of the name is one and its value equal to '-' and return
STDERR_FILENO as the fd. With dnsmasq's code it's not that easy (for
me).

$ hg diff
diff --git a/dnsmasq-2.52/src/dnsmasq.c b/dnsmasq-2.52/src/dnsmasq.c
--- a/dnsmasq-2.52/src/dnsmasq.c
+++ b/dnsmasq-2.52/src/dnsmasq.c
@@ -348,7 +348,9 @@ int main (int argc, char **argv)
/* open stdout etc to /dev/null */
nullfd = open("/dev/null", O_RDWR);
dup2(nullfd, STDOUT_FILENO);
+ /* -ino: 100506-2119
dup2(nullfd, STDERR_FILENO);
+ */
dup2(nullfd, STDIN_FILENO);
close(nullfd);
}
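Review bot: commenting out dup2(nullfd, STDERR_FILENO) drops the redirect unconditionally, so fd 2 stays attached to whatever the parent supplied in every configuration that reaches this branch, not only when the log target is stderr, and anything the process later spawns inherits that descriptor. Keep the call and skip it only when the configured log target is stderr, using an if on that condition rather than a dated comment block, so the default behaviour is unchanged. The context lines also show nullfd used without checking the result of open("/dev/null", O_RDWR), and none of the dup2() return values are checked, which is worth fixing while this code is being touched.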
This is my rough work-around, it lets me do this:
09:42:02.26 + exec /usr/local/sbin/dnsmasq -C /etc/dnsmasq.conf \
-u nobody -g nobody -p 0 --log-dhcp --log-facility=/dev/fd/2 --log-async=0 -k
09:42:02.34 May 7 11:42:02 dnsmasq[2288]: started, version 2.52 DNS disabled
09:42:02.34 May 7 11:42:02 dnsmasq[2288]: compile time options: \
IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP
09:42:02.34 May 7 11:42:02 dnsmasq-dhcp[2288]: DHCP, \
IP range 192.168.7.50 -- 192.168.7.150, lease time 12h
It obviously works, but I'm unable to provide a better patch right now.
Has somebody something better regarding security and checking for
a magic filename? I know that the dup2() call is there for a reason,
possibly isolating dhcp scripts from dnsmasq's processing, but my patch
was the simplest I could come up with. OTOH I can well imagine other
people having the same problem, so the functionality might have its
place in the code base.

[1] http://smarden.org/runit/
Regards, Clemens
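
Added example, not part of the original message and not dnsmasq code: one way to implement the check the message describes, where a log file name of exactly "-" maps to STDERR_FILENO and the /dev/null redirection skips whichever standard descriptor is the log fd. The function names open_log_target and redirect_std_fds are hypothetical.

```c
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not a dnsmasq function): map a log target name to
   an fd. The magic name "-" selects the stderr inherited from the parent. */
int open_log_target(const char *name)
{
  if (name == NULL)
    return -1;
  if (strlen(name) == 1 && name[0] == '-')
    return STDERR_FILENO; /* reuse the inherited descriptor as it is */
  /* Any other name is an ordinary file, opened append-only. */
  return open(name, O_WRONLY | O_CREAT | O_APPEND | O_NOCTTY, 0640);
}

/* Hypothetical helper: point stdin, stdout and stderr at /dev/null,
   skipping the one (if any) that is in use as the log fd. */
int redirect_std_fds(int log_fd)
{
  int fd, nullfd = open("/dev/null", O_RDWR);

  if (nullfd == -1)
    return -1;
  for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++)
    if (fd != log_fd && dup2(nullfd, fd) == -1)
      {
        close(nullfd);
        return -1;
      }
  if (nullfd > STDERR_FILENO)
    close(nullfd);
  return 0;
}

int main(void)
{
  static const char msg[] = "constructed sample log line\n";
  int log_fd = open_log_target("-");

  if (log_fd == -1 || redirect_std_fds(log_fd) == -1)
    return 1;
  /* stdin and stdout now go to /dev/null; the log fd still reaches stderr. */
  return write(log_fd, msg, sizeof msg - 1) == (ssize_t)(sizeof msg - 1) ? 0 : 1;
}
```

Any process started after redirect_std_fds() inherits the preserved stderr, so its output lands in the same log stream unless the child's descriptors are redirected separately.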