The Linux Programming Interface

Daemons 777 37.5.2 The syslog API The syslog API consists of three main functions: z The openlog() function establishes default ...

778 Chapter 37 LOG_NDELAY Open the connection to the logging system (i.e., the underlying UNIX domain socket, /dev/log) immediat ...

Daemons 779 Logging a message To write a log message, we call syslog(). The priority argument is created by ORing together a fac ...

780 Chapter 37 The remaining arguments to syslog() are a format string and corresponding argu- ments in the manner of printf(). ...

Daemons 781 Any message whose level is not included in the current mask setting is discarded. The default mask value allows all ...

782 Chapter 37 some other UNIX implementations, it is possible to specify level as *, with the same meaning as debug. However, t ...

WRITING SECURE PRIVILEGED PROGRAMS Privileged programs have access to features and resources (files, devices, and so on) that ar ...

784 Chapter 38 38.1 Is a Set-User-ID or Set-Group-ID Program Required? One of the best pieces of advice concerning set-user-ID a ...

Writing Secure Privileged Programs 785 The first call makes the effective user ID of the calling process the same as its real ID ...

786 Chapter 38 Instead, we must regain privilege prior to dropping it permanently, by inserting the following call between steps ...

Writing Secure Privileged Programs 787 z Because of the possibilities listed in the two preceding points, it is highly rec- omme ...

788 Chapter 38 If this program subsequently executes the call setuid(getuid()), then the process user IDs are changed to the fol ...

Writing Secure Privileged Programs 789 z If the process receives a signal that causes it to produce a core dump file, then that ...

790 Chapter 38 38.6 Beware of Signals and Race Conditions A user may send arbitrary signals to a set-user-ID program that they h ...

Writing Secure Privileged Programs 791 from process’s effective group ID (see Section 15.3.1), a similar statement applies with ...

792 Chapter 38 means that only white-space characters are interpreted by the shell as word separa- tors. Some shells always set ...

Writing Secure Privileged Programs 793 In order to make stack crashing more difficult—in particular, to make such attacks much m ...

794 Chapter 38 Dealing with malformed requests is straightforward—a server should be programmed to rigorously check its inputs a ...

Writing Secure Privileged Programs 795 Even where a system call succeeds, it may be necessary to check its result. For example, ...

796 Chapter 38 38.13 Exercises 38-1. Log in as a normal, unprivileged user, create an executable file (or copy an existing file ...