Bug 1000102 - rsyslogd does not have its own process group or session id
rsyslogd does not have its own process group or session id
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: rsyslog (Show other bugs)
6.4
All Linux
unspecified Severity low
: rc
: ---
Assigned To: Radovan Sroka
BaseOS QE Security Team
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-22 12:53 EDT by Todd Vierling
Modified: 2017-11-30 07:44 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-11-30 07:44:28 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
modification to use setsid() (217 bytes, patch)
2013-08-22 12:53 EDT, Todd Vierling
no flags Details | Diff

  None (edit)
Description Todd Vierling 2013-08-22 12:53:27 EDT
Created attachment 789275 [details]
modification to use setsid()

Description of problem:
rsyslogd does not own its pgrp or sid like most other system daemons

Version-Release number of selected component (if applicable):
rsyslog-5.8.10-6.el6

How reproducible:
Always

Steps to Reproduce:
$ ps axo pid,ppid,pgid,sid,comm | grep rsyslog

Actual results:
(for example)
16474     1 16420 16112 rsyslogd

Expected results:
16474     1 16474 16474 rsyslogd

Additional info:
The issue here is that a session leader may restart rsyslogd after modifying syslog rules, and then kill off rsyslogd itself if the sid/pgid is killed. There is code already existing in rsyslog to do the right thing (by calling setsid()), but it isn't used because of an error in configure.ac (the CHECK_FUNCS looked for "setid", not "setsid" -- a very old typo). In very old versions of rsyslogd, pre-autoconfiscation, this was guarded by "#ifdef SYSV", which worked just fine at the time.

The patch attached here modifies tools/syslogd.c, rather than configure{,.ac}, as our own controlled autobuild environment was unhappy with an autoconf patch (and those can be problematic anyway).

At your option, this can also be backported to EL5.10 (rsyslog-3.22.1-x), as the same issue exists there. The same change is applicable.

Originally reported to Oracle Linux bug database in 17346261.

Separately reported to rsyslog upstream as:
http://bugzilla.adiscon.com/show_bug.cgi?id=474
Comment 2 Todd Vierling 2013-09-10 10:17:10 EDT
(In reply to Todd Vierling from comment #0)
> The patch attached here modifies tools/syslogd.c, rather than
> configure{,.ac}, as our own controlled autobuild environment was unhappy
> with an autoconf patch (and those can be problematic anyway).

D'oh! The reason that method didn't work for me is that I forgot to patch config.h.in as well, since autoconf isn't being run explicitly as part of the rpm build. So, that's the other option: patch all of configure{,.ac} and config.h.in.
Comment 3 RHEL Product and Program Management 2013-10-13 22:36:15 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Note You need to log in before you can comment on or make changes to this bug.