[Dnsmasq-discuss] logging to stderr

Simon Kelley simon at thekelleys.org.uk
Fri May 7 13:56:41 BST 2010


clemens fischer wrote:
> Hi,
> 
> 'uname -rims' -> Linux 2.6.33.3-spott i686 AuthenticAMD
> dnsmasq version is 2.52 compiled with default options.
> 
> I'm running dnsmasq supervised[1].  I want _all_ logging to go to
> stderr, but root privilege is not needed.  My system isn't loaded much
> and currently I only need the DHCP server part.  This is for serving
> DHCP data to virtualbox'es.
> 
> There is the "-d" option to have all logging on stderr, which is
> helpful, but I'm uncomfortable with risking root.  Normally I'd look for
> the place where logfile-name and log-fd are connected, insert a check if
> the length of the name is one and its value equal to '-' and return
> STDERR_FILENO as the fd.  With dnsmasq's code it's not that easy (for
> me).
> 
>   $ hg diff
>   diff --git a/dnsmasq-2.52/src/dnsmasq.c b/dnsmasq-2.52/src/dnsmasq.c
>   --- a/dnsmasq-2.52/src/dnsmasq.c
>   +++ b/dnsmasq-2.52/src/dnsmasq.c
>   @@ -348,7 +348,9 @@ int main (int argc, char **argv)
>          /* open  stdout etc to /dev/null */
>          nullfd = open("/dev/null", O_RDWR);
>          dup2(nullfd, STDOUT_FILENO);
>   +      /* -ino: 100506-2119
>          dup2(nullfd, STDERR_FILENO);
>   +      */
>          dup2(nullfd, STDIN_FILENO);
>          close(nullfd);
>        }
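Review bot: the dup2(nullfd, STDERR_FILENO) call is disabled unconditionally by the added comment markers, so stderr stays on the inherited descriptor every time this block runs, including when logging goes to syslog or a regular file. Make the call conditional on the log target instead, for example skipping it only when the configured log file is the magic name '-' described above, and replace the "-ino: 100506-2119" tag with a comment that says why stderr is kept open.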
> 
> This is my rough work-around, it lets me do this:
> 
>   09:42:02.26 + exec /usr/local/sbin/dnsmasq -C /etc/dnsmasq.conf \
>       -u nobody -g nobody -p 0 --log-dhcp --log-facility=/dev/fd/2 --log-async=0 -k
>   09:42:02.34 May  7 11:42:02 dnsmasq[2288]: started, version 2.52 DNS disabled
>   09:42:02.34 May  7 11:42:02 dnsmasq[2288]: compile time options: \
>       IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP
>   09:42:02.34 May  7 11:42:02 dnsmasq-dhcp[2288]: DHCP, \
>       IP range 192.168.7.50 -- 192.168.7.150, lease time 12h
> 
> It obviously works, but I'm unable to provide a better patch right now.
> Has somebody something better regarding security and checking for
> a magic filename?  I know that the dup2() call is there for a reason,
> possibly isolating dhcp scripts from dnsmasq's processing, but my patch
> was the simplest I could come up with.  OTOH I can well imagine other
> people having the same problem, so the functionality might have its
> place in the code base.
> 
> [1] http://smarden.org/runit/
> 
> 
> Regards, Clemens
> 
> 

Would it be possible to use a named pipe as the target for
--log-facility, and read from that?


Cheers,

Simon.


