[Dnsmasq-discuss] logging to stderr
Simon Kelley
simon at thekelleys.org.uk
Fri May 7 13:56:41 BST 2010
clemens fischer wrote:
> Hi,
>
> 'uname -rims' -> Linux 2.6.33.3-spott i686 AuthenticAMD
> dnsmasq version is 2.52 compiled with default options.
>
> I'm running dnsmasq supervised[1]. I want _all_ logging to go to
> stderr, but root privilege is not needed. My system isn't loaded much
> and currently I only need the DHCP server part. This is for serving
> DHCP data to virtualbox'es.
>
> There is the "-d" option to have all logging on stderr, which is
> helpful, but I'm uncomfortable with risking root. Normally I'd look for
> the place where logfile-name and log-fd are connected, insert a check if
> the length of the name is one and its value equal to '-' and return
> STDERR_FILENO as the fd. With dnsmasq's code it's not that easy (for
> me).
>
> $ hg diff
> diff --git a/dnsmasq-2.52/src/dnsmasq.c b/dnsmasq-2.52/src/dnsmasq.c
> --- a/dnsmasq-2.52/src/dnsmasq.c
> +++ b/dnsmasq-2.52/src/dnsmasq.c
> @@ -348,7 +348,9 @@ int main (int argc, char **argv)
> /* open stdout etc to /dev/null */
> nullfd = open("/dev/null", O_RDWR);
> dup2(nullfd, STDOUT_FILENO);
> + /* -ino: 100506-2119
> dup2(nullfd, STDERR_FILENO);
> + */
> dup2(nullfd, STDIN_FILENO);
> close(nullfd);
> }
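Review bot: The stderr redirect at `dup2(nullfd, STDERR_FILENO);` is disabled unconditionally, so every run that reaches this block keeps whatever stderr it inherited, not only runs that asked for logging there. Make the call conditional on the log target being stderr (the '-' filename check described above the patch would do) and keep the dup2() otherwise. The `-ino: 100506-2119` marker also gives no reason for disabling the line, and wrapping live code in /* */ breaks as soon as a comment appears inside the span; a condition with a one-line explanation would be safer.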
>
> This is my rough work-around, it lets me do this:
>
> 09:42:02.26 + exec /usr/local/sbin/dnsmasq -C /etc/dnsmasq.conf \
> -u nobody -g nobody -p 0 --log-dhcp --log-facility=/dev/fd/2 --log-async=0 -k
> 09:42:02.34 May 7 11:42:02 dnsmasq[2288]: started, version 2.52 DNS disabled
> 09:42:02.34 May 7 11:42:02 dnsmasq[2288]: compile time options: \
> IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP
> 09:42:02.34 May 7 11:42:02 dnsmasq-dhcp[2288]: DHCP, \
> IP range 192.168.7.50 -- 192.168.7.150, lease time 12h
>
> It obviously works, but I'm unable to provide a better patch right now.
> Has somebody something better regarding security and checking for
> a magic filename? I know that the dup2() call is there for a reason,
> possibly isolating dhcp scripts from dnsmasq's processing, but my patch
> was the simplest I could come up with. OTOH I can well imagine other
> people having the same problem, so the functionality might have its
> place in the code base.
>
> [1] http://smarden.org/runit/
>
>
> Regards, Clemens
>
>
Would it be possible to use a named pipe as the target for
--log-facility, and read from that?
Cheers,
Simon.
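
The check described in the quoted message (a log filename of '-' selecting the inherited stderr), together with a conditional version of the /dev/null redirect, as an added example that is not dnsmasq code and not part of the original thread. The helper names open_log_target, detach_stdio and same_file are hypothetical.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: map a log-facility style name to an fd.
   "-" means "use the stderr we inherited"; anything else is a path. */
int open_log_target(const char *name, int *is_stderr)
{
  *is_stderr = (strcmp(name, "-") == 0);
  if (*is_stderr)
    return STDERR_FILENO;
  /* append-only, never acquire a controlling terminal, mode 0640 */
  return open(name, O_WRONLY | O_CREAT | O_APPEND | O_NOCTTY, 0640);
}

/* Hypothetical helper: point stdin/stdout at /dev/null, and stderr too
   unless it is the log target. Returns 0 on success, -1 on failure. */
int detach_stdio(int keep_stderr)
{
  int rc = 0;
  int nullfd = open("/dev/null", O_RDWR);
  if (nullfd == -1)
    return -1;
  if (dup2(nullfd, STDIN_FILENO) == -1 || dup2(nullfd, STDOUT_FILENO) == -1)
    rc = -1;
  if (!keep_stderr && dup2(nullfd, STDERR_FILENO) == -1)
    rc = -1;
  if (nullfd > STDERR_FILENO)   /* do not close 0..2 if open() landed there */
    close(nullfd);
  return rc;
}

/* Returns 1 if both fds refer to the same file (device + inode). */
int same_file(int a, int b)
{
  struct stat sa, sb;
  if (fstat(a, &sa) == -1 || fstat(b, &sb) == -1)
    return 0;
  return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

int main(void)
{
  static const char msg[] = "log line on inherited stderr\n";
  int is_stderr, fd = open_log_target("-", &is_stderr);
  if (fd == -1 || detach_stdio(is_stderr) == -1)
    return 1;
  return write(fd, msg, sizeof msg - 1) < 0;
}
```

With any other log target, detach_stdio(0) still sends stderr to /dev/null, so child processes inherit the supervisor's stderr only when it was explicitly requested.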