One of the things that bothers me is the way that syslog output currently gets

My proposal: Create 3 different sockets for syslog, one for syslog (standard /dev/log, standard permissions), one for klogd (with root-only access, so normal users at least cannot fake kernel messages), and one for minilogd. The minilogd and klog sockets would also allow for ordering of output on boot, because currently it all gets rather jumbled. It should be possible to read all of the waiting data on the klogd socket, then the data in the minilogd socket, then the normal syslog traffic. A separate socket for klogd would allow syslogd to ensure that kernel messages actually came from the kernel (getting part way to fixing bug 10222). (BTW, OpenBSD does this, but they use syslogd for kernel messages, and just add a simple check on the /dev/log input that it doesn't use the facility 'kernel').
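The facility check mentioned in the report above, sketched as an added example (not code from the report, from syslogd, or from OpenBSD). The `source` labels and `effective_pri` are hypothetical names, and demoting a spoofed 'kernel' facility to 'user' instead of dropping the message is an assumption made here.

```c
#include <ctype.h>
#include <stdio.h>

#define FAC_KERN 0        /* facility 'kernel' */
#define FAC_USER 1        /* facility 'user' */
#define DEFAULT_PRI 13    /* user.notice, used when no valid <PRI> is present */
#define MAX_PRI 191       /* highest facility (23) * 8 + highest severity (7) */

enum source { SRC_DEV_LOG, SRC_KLOG };   /* hypothetical socket labels */

/* Parse the leading "<PRI>" of a syslog datagram and return the priority
 * the daemon should record. *body is set to the text after the header. */
int effective_pri(const char *msg, enum source src, const char **body)
{
    int pri = 0, digits = 0;
    const char *p = msg;

    *body = msg;
    if (*p != '<')
        return DEFAULT_PRI;
    for (p++; isdigit((unsigned char)*p) && digits < 3; p++, digits++)
        pri = pri * 10 + (*p - '0');
    if (digits == 0 || *p != '>' || pri > MAX_PRI)
        return DEFAULT_PRI;       /* malformed header: keep whole line as body */
    *body = p + 1;

    /* Only the root-only kernel socket may carry facility 'kernel'.
     * Anything else claiming it is demoted to 'user', severity kept
     * (assumed policy for this example). */
    if ((pri >> 3) == FAC_KERN && src != SRC_KLOG)
        pri = (FAC_USER << 3) | (pri & 7);
    return pri;
}

int main(void)
{
    /* Constructed sample datagrams, not taken from a real log. */
    const char *samples[] = { "<2>kernel: fake oops", "<38>sshd: login", "no header" };
    const char *body;
    for (int i = 0; i < 3; i++) {
        int pri = effective_pri(samples[i], SRC_DEV_LOG, &body);
        printf("fac=%d sev=%d body=%s\n", pri >> 3, pri & 7, body);
    }
    return 0;
}
```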
Just clearing out old bugs here - this one ceased to be an issue ages ago.