On Fri, May 7, 2010 at 7:56 AM, Simon Kelley <[email protected]> wrote: > clemens fischer wrote: >> Hi, >> >> 'uname -rims' -> Linux 2.6.33.3-spott i686 AuthenticAMD >> dnsmasq version is 2.52 compiled with default options. >> >> I'm running dnsmasq supervised[1]. I want _all_ logging to go to >> stderr, but root privilege is not needed. My system isn't loaded much >> and currently I only need the DHCP server part. This is for serving >> DHCP data to virtualbox'es. >> >> There is the "-d" option to have all logging on stderr, which is >> helpful, but I'm uncomfortable with risking root. Normally I'd look for >> the place where logfile-name and log-fd are connected, insert a check if >> the length of the name is one and its value equal to '-' and return >> STDERR_FILENO as the fd. With dnsmasq's code it's not that easy (for >> me). >> >> $ hg diff >> diff --git a/dnsmasq-2.52/src/dnsmasq.c b/dnsmasq-2.52/src/dnsmasq.c >> --- a/dnsmasq-2.52/src/dnsmasq.c >> +++ b/dnsmasq-2.52/src/dnsmasq.c 
>> @@ -348,7 +348,9 @@ int main (int argc, char **argv) >> /* open stdout etc to /dev/null */ >> nullfd = open("/dev/null", O_RDWR); >> dup2(nullfd, STDOUT_FILENO); >> + /* -ino: 100506-2119 >> dup2(nullfd, STDERR_FILENO); >> + */ >> dup2(nullfd, STDIN_FILENO); >> close(nullfd); >> } >> >> This is my rough work-around, it lets me do this: >> >> 09:42:02.26 + exec /usr/local/sbin/dnsmasq -C /etc/dnsmasq.conf \ >> -u nobody -g nobody -p 0 --log-dhcp --log-facility=/dev/fd/2 >> --log-async=0 -k >> 09:42:02.34 May 7 11:42:02 dnsmasq[2288]: started, version 2.52 DNS >> disabled >> 09:42:02.34 May 7 11:42:02 dnsmasq[2288]: compile time options: \ >> IPv6 GNU-getopt no-DBus no-I18N DHCP TFTP >> 09:42:02.34 May 7 11:42:02 dnsmasq-dhcp[2288]: DHCP, \ >> IP range 192.168.7.50 -- 192.168.7.150, lease time 12h >> >> It obviously works, but I'm unable to provide a better patch right now. >> Has somebody something better regarding security and checking for >> a magic filename? I know that the dup2() call is there for a reason, >> possibly isolating dhcp scripts from dnsmasq's processing, but my patch >> was the simplest I could come up with. OTOH I can well imagine other >> people having the same problem, so the functionality might have its >> place in the code base. >> >> [1] http://smarden.org/runit/ >> >> >> Regards, Clemens >> >> > > Would it be possible to use a named pipe as the target for > --log-facility, and read from that?
Isn't /proc/self/fd/2 the "name" for stderr?

> Cheers,
>
> Simon.
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> [email protected]
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
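Review bot: The `dup2(nullfd, STDERR_FILENO);` call in `main()` is commented out unconditionally, so every instance that reaches this block keeps the stderr it inherited from its parent, including ones that never asked to log there. Make the skip conditional on the log target actually being stderr (for example the one-character `-` filename check described in the message) and keep the redirect to /dev/null in every other case. The `-ino: 100506-2119` marker does not say why the line is disabled; replace it with a comment giving the reason, and remove the dead line rather than leaving it inside a comment.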
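The check described in the quoted message (a log file name of length one equal to `-` returns STDERR_FILENO), paired with a /dev/null redirect that spares fd 2 only in that case, as an added example that is not dnsmasq code and not part of the thread. The names `log_target_fd`, `fd_is_devnull` and `detach_std_fds` are hypothetical.

```c
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: map a log target name to a descriptor. The magic
   name "-" selects the stderr inherited from the supervisor, so nothing
   has to be opened by path. Returns -1 on error. */
int log_target_fd(const char *name)
{
    if (name == NULL)
        return -1;
    if (name[0] == '-' && name[1] == '\0')
        return STDERR_FILENO;
    return open(name, O_WRONLY | O_CREAT | O_APPEND | O_NOCTTY, 0640);
}

/* Return 1 if fd refers to /dev/null, 0 if not, -1 on error. */
int fd_is_devnull(int fd)
{
    struct stat a, b;
    if (fstat(fd, &a) == -1 || stat("/dev/null", &b) == -1)
        return -1;
    return S_ISCHR(a.st_mode) && a.st_rdev == b.st_rdev;
}

/* Point the standard descriptors at /dev/null, sparing fd 2 only when it
   is the chosen log target. Returns 0 on success, -1 on error. */
int detach_std_fds(int log_fd)
{
    int rc = 0;
    int nullfd = open("/dev/null", O_RDWR);
    if (nullfd == -1)
        return -1;
    if (dup2(nullfd, STDIN_FILENO) == -1 || dup2(nullfd, STDOUT_FILENO) == -1)
        rc = -1;
    if (log_fd != STDERR_FILENO && dup2(nullfd, STDERR_FILENO) == -1)
        rc = -1;
    if (nullfd > STDERR_FILENO)
        close(nullfd);
    return rc;
}

int main(int argc, char **argv)
{
    static const char msg[] = "started, logging to chosen target\n";
    int log_fd = log_target_fd(argc > 1 ? argv[1] : "-");
    if (log_fd == -1 || detach_std_fds(log_fd) == -1)
        return 1;
    if (fd_is_devnull(STDOUT_FILENO) != 1)  /* confirm stdout is detached */
        return 1;
    return write(log_fd, msg, sizeof msg - 1) == -1;
}
```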
