[Dnsmasq-discuss] logging to stderr

clemens fischer ino-news at spotteswoode.dnsalias.org
Fri May 7 11:51:19 BST 2010


Hi,

'uname -rims' -> Linux 2.6.33.3-spott i686 AuthenticAMD
dnsmasq version is 2.52 compiled with default options.

I'm running dnsmasq supervised[1].  I want _all_ logging to go to
stderr, but root privilege is not needed.  My system isn't loaded much
and currently I only need the DHCP server part.  This is for serving
DHCP data to virtualbox'es.

There is the "-d" option to have all logging on stderr, which is
helpful, but I'm uncomfortable with risking root.  Normally I'd look for
the place where logfile-name and log-fd are connected, insert a check if
the length of the name is one and its value equal to '-' and return
STDERR_FILENO as the fd.  With dnsmasq's code it's not that easy (for
me).

  $ hg diff
  diff --git a/dnsmasq-2.52/src/dnsmasq.c b/dnsmasq-2.52/src/dnsmasq.c
  --- a/dnsmasq-2.52/src/dnsmasq.c
  +++ b/dnsmasq-2.52/src/dnsmasq.c
  @@ -348,7 +348,9 @@ int main (int argc, char **argv)
         /* open  stdout etc to /dev/null */
         nullfd = open("/dev/null", O_RDWR);
         dup2(nullfd, STDOUT_FILENO);
  +      /* -ino: 100506-2119
         dup2(nullfd, STDERR_FILENO);
  +      */
         dup2(nullfd, STDIN_FILENO);
         close(nullfd);
       }

This is my rough work-around, it lets me do this:

  09:42:02.26 + exec /usr/local/sbin/dnsmasq -C /etc/dnsmasq.conf \
      -u nobody -g nobody -p 0 --log-dhcp --log-facility=/dev/fd/2 --log-async=0 -k
  09:42:02.34 May  7 11:42:02 dnsmasq[2288]: started, version 2.52 DNS disabled
  09:42:02.34 May  7 11:42:02 dnsmasq[2288]: compile time options: \
      IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP
  09:42:02.34 May  7 11:42:02 dnsmasq-dhcp[2288]: DHCP, \
      IP range 192.168.7.50 -- 192.168.7.150, lease time 12h

It obviously works, but I'm unable to provide a better patch right now.
Has somebody something better regarding security and checking for
a magic filename?  I know that the dup2() call is there for a reason,
possibly isolating dhcp scripts from dnsmasq's processing, but my patch
was the simplest I could come up with.  OTOH I can well imagine other
people having the same problem, so the functionality might have its
place in the code base.

[1] http://smarden.org/runit/


Regards, Clemens




More information about the Dnsmasq-discuss mailing list