Bug 1000102

Summary: rsyslogd does not have its own process group or session id
Product: Red Hat Enterprise Linux 6
Reporter: Todd Vierling <tv>
Component: rsyslog
Assignee: Radovan Sroka <rsroka>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: unspecified
Version: 6.4
CC: dkopecek
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2017-11-30 12:44:28 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Attachments: modification to use setsid() (flags: none)

Description Todd Vierling 2013-08-22 16:53:27 UTC
Created attachment 789275
modification to use setsid()

Description of problem:
rsyslogd does not own its pgrp or sid like most other system daemons

Version-Release number of selected component (if applicable):
rsyslog-5.8.10-6.el6

How reproducible:
Always

Steps to Reproduce:
$ ps axo pid,ppid,pgid,sid,comm | grep rsyslog

Actual results:
(for example)
16474     1 16420 16112 rsyslogd

Expected results:
16474     1 16474 16474 rsyslogd

Additional info:
The issue here is that a session leader may restart rsyslogd after modifying syslog rules, and then kill off rsyslogd itself if the sid/pgid is killed. There is code already existing in rsyslog to do the right thing (by calling setsid()), but it isn't used because of an error in configure.ac (the CHECK_FUNCS looked for "setid", not "setsid" -- a very old typo). In very old versions of rsyslogd, pre-autoconfiscation, this was guarded by "#ifdef SYSV", which worked just fine at the time.

The patch attached here modifies tools/syslogd.c, rather than configure{,.ac}, as our own controlled autobuild environment was unhappy with an autoconf patch (and those can be problematic anyway).

At your option, this can also be backported to EL5.10 (rsyslog-3.22.1-x), as the same issue exists there. The same change is applicable.

Originally reported to Oracle Linux bug database in 17346261.

Separately reported to rsyslog upstream as:
http://bugzilla.adiscon.com/show_bug.cgi?id=474
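
The effect of the missing setsid() call described in the report above, as an added example that is not part of the bug report or of rsyslog's code: a forked child reports its pid, pgid and sid back to its launcher, once without and once with setsid(). The names spawn_and_report and child_is_detached are hypothetical.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

struct ids { pid_t pid, pgid, sid; };   /* what the child reports back */

/* Fork a child, optionally call setsid() in it, and return its IDs in *out.
 * Returns 0 on success, -1 on failure. */
int spawn_and_report(int use_setsid, struct ids *out)
{
    int fds[2], status;
    if (pipe(fds) != 0)
        return -1;
    pid_t child = fork();
    if (child < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (child == 0) {
        close(fds[0]);
        /* A freshly forked child is never a group leader, so setsid() can succeed. */
        if (use_setsid && setsid() < 0)
            _exit(1);
        struct ids me = { getpid(), getpgrp(), getsid(0) };
        _exit(write(fds[1], &me, sizeof me) == (ssize_t)sizeof me ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, sizeof *out);
    close(fds[0]);
    if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

/* 1 if the child leads its own session and process group (pid == pgid == sid),
 * 0 if it still shares the launcher's (the "actual results" case), -1 on error. */
int child_is_detached(int use_setsid)
{
    struct ids c;
    if (spawn_and_report(use_setsid, &c) != 0)
        return -1;
    return c.pgid == c.pid && c.sid == c.pid;
}

int main(void)
{
    printf("without setsid(): %d, with setsid(): %d\n",
           child_is_detached(0), child_is_detached(1));
    return 0;
}
```

Without setsid() the child keeps the launcher's pgid and sid, so a signal sent to that process group or session also reaches the daemon; with setsid() all three IDs match, as in the expected `ps` output.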

Comment 2 Todd Vierling 2013-09-10 14:17:10 UTC
(In reply to Todd Vierling from comment #0)
> The patch attached here modifies tools/syslogd.c, rather than
> configure{,.ac}, as our own controlled autobuild environment was unhappy
> with an autoconf patch (and those can be problematic anyway).

D'oh! The reason that method didn't work for me is that I forgot to patch config.h.in as well, since autoconf isn't being run explicitly as part of the rpm build. So, that's the other option: patch all of configure{,.ac} and config.h.in.

Comment 3 RHEL Program Management 2013-10-14 02:36:15 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.