On Thu, Sep 29, 2005 at 03:32:49PM +0200, Peter HOLZLEITNER wrote:
> It's perfectly legal to call sys::syslog with a format having NO
> variable placeholders and therefore an empty @args parameter.
However, when you include variables in the format, you may end up
with surprise results if there are % signs in the variable string.
In some programming languages, this is a common source of buffer overflow
and remote execution of code.
Another issue with Sys::Syslog on some platforms is that it will
abort the entire program if a write to the socket fails. This happens
on NetBSD when you try to send a syslog message when syslogd isn't running.
Here's what I did to fix it:
# Syslog.pm::syslog() has a fatal exit if syslogd is not running
# The workaround is below.
no warnings; # because we're redefining syslog()
sub syslog
{ eval {
local $SIG{"__DIE__"}= sub { }; Sys::Syslog::syslog(@_);
}
}
use warnings;
Jim, David, you may want to add this to Mon for reliability.
_______________________________________________
mon mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/mon
