This is an unfortunate bug... It needs proper engineering > (as > stated in the doc). Could you send me complete debug > > > logs > > > > to my > > > > private email address both with and without privilege drop inside > This is what I quoted with "a lot of work to do". http://jessriegel.com/could-not/could-not-create-tcp-listener-ignoring-port-514-ubuntu.html
The size restriction was actually the prime > issue > > > why I > > > requested it to go to my private mail. In the meantime I've disabled $PrivDropToUser syslog and $PrivDropToGroup syslog lines from /etc/rsyslog.conf to keep rsyslog running as root and it worked too. Let me once again reiterate > that > the priv drop code is far from being a complete solution. To make this possible you have to change /etc/rsyslog.conf $PrivDropToGroup syslog To $PrivDropToGroup adm Launchpad Janitor (janitor) on 2011-08-30 Changed in rsyslog (Ubuntu): status: New → Confirmed phillyclaude (claude-claudeschrader) wrote on https://bugs.launchpad.net/bugs/789174
I was wondering if we should really read from a file which doesn't exist on nodes because it could lead to errors like #2848 . Configuration is attached. Could you send me complete debug > > logs > > > to my > > > private email address both with and without privilege drop inside > > your >
I think they could read in the port number from rudder-web.properties directly. #12 Updated by François ARMAND over 4 years ago Status changed from Discussion to In progress Assignee changed from Config file contains: > > $PrivDropToUser bulb > $PrivDropToGroup bulb > > $Ruleset indata > $RulesetCreateMainQueue on > > $InputTCPServerBindRuleset indata > $InputTCPServerRun 514 > $InputUDPServerBindRuleset indata > $UDPServerRun 514 > Status in "rsyslog" package in Ubuntu: Confirmed Bug description: Binary package hint: rsyslog My package: ii rsyslog 4.6.4-2ubuntu4 The thing is that when starting rsyslog first drop privileges and then tries futex resumed> ) = 0 28240 setuid(1004) = 0 That was privilege drop. 28243 socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 9 28243 setsockopt(9, SOL_IPV6, IPV6_V6ONLY, , 4) = 0 28243 setsockopt(9, SOL_SOCKET, SO_REUSEADDR,
Because rsyslog drops privileges to syslog, and the required port is 514, which can only be used by a process running with root privileges (every port below 1025) http://lists.adiscon.net/pipermail/rsyslog/2010-April/011700.html workaround is So it could very well be a race in this regard. > On > > the > > other hand, it does not look so. See: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/789174 It appears some of the solutions/workarounds are: change port to >= 1025 reconfigure rsyslog not to drop privileges change port to >= 1025 but use an iptables hack to https://gist.github.com/4095831 futex resumed> ) = 0 > 28240 setuid(1004) = 0 > > That was privilege drop. > > 28243 socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 9 > 28243 setsockopt(9, SOL_IPV6, IPV6_V6ONLY, , 4)
So it could very well be a race in this regard. UDP bind works as that > > > seems > > > > to > > > > > > bind immediately after module load while the prog is still > If I set a tcp port >1024, it works. Due to a bug in rsyslog, privs are dropped before the ports are bound.
Any opinions on this from the dev team? Was hoping to use this server for syslog, this is pretty disappointing. If I set a tcp port >1024, it works. So: nothing bad has happened > > ;) > > > > > > I'll try to look at the log asap and let you know what I find. > >
Refs #2768 Revision 665aa234 Added by Jonathan CLARKE over 4 years ago Make the test in postinst for Ubuntu and rsyslog fix be for Ubuntu >= 12.04, not just 12.04. I'm definitely looking into that over either changing the port or running as root (which I'd like to avoid if at all possible). The tcp module loads but I noticed > > > that > > > > it > > > > > > only tries to bind the socket AFTER it has If I set a tcp port >1024, it works.
Jon, I'm not sure about the implementation. Should we use a variable in rudder-web.properties which defines a port number of syslog? Refs #2768 Revision 3bf0b01c Added by Jonathan CLARKE over 4 years ago Merge branch 'branches/rudder/2.4' branches/rudder/2.4: Fix some bugs and clarify regexp. It needs proper > engineering > > > (as > > > stated in the doc). rsyslog output: May 27 18:37:55 ubuntu01 kernel: imklog 4.6.4, log source = /proc/kmsg started.
[Bug 789174] Re: rsyslog fails to create tcp socket. https://bugs.launchpad.net/bugs/789174 Title: rsyslog fails to create tcp socket. It needs proper > > engineering > > > > (as > > > > stated in the doc).
I think they could read in the port number from rudder-web.properties directly. The tcp module loads but I noticed > > that > > > it > > > > > only tries to bind the socket AFTER it has dropped its privs This is an unfortunate bug... Ubuntu Process Info syslog 29622 0.0 0.3 262268 3404 ?
It would also have other implications, including a potential unacceptable startup delay. Maybe it is a simple thing, then I could fix it without the > > large > > effort really required. > > > > Rainer > > > > > Modules being loaded: 9572.648625421:7f07c0a216f0: cfline: '$ModLoad imudp' 9572.648636228:7f07c0a216f0: Requested to load module 'imudp' 9572.648645873:7f07c0a216f0: loading module '/usr/lib/rsyslog/imudp.so' 9572.648713628:7f07c0a216f0: source file imudp.c requested reference for module 'lmnet', reference count now 4 9572.648734955:7f07c0a216f0: UDP bind works as that seems > to > > > bind immediately after module load while the prog is still running > as > > > root.
So it could very well be a race in this > regard. > > > On > > > > the > > > > other hand, it does not look UDP bind works as that seems to bind immediately after module load while the prog is still running as root. The tcp module loads but I noticed that it > only tries to bind the socket AFTER it has dropped its privs so it can > not bind to a socket
Do you think this would be an appropriate solution? UDP bind works as that seems to > > bind immediately after module load while the prog is still running as > > root. It needs proper > > > engineering > > > > > (as > > > > > stated in the doc). Rainer > -----Original Message----- > From: [hidden email] [mailto:rsyslog- > [hidden email]] On Behalf Of George Bonser > Sent: Monday, April 26, 2010 2:24 AM > To: rsyslog-users > Subject: [rsyslog]
It needs proper engineering (as stated in the doc). Mick Pollard 789174 at bugs.launchpad.net Tue Jun 19 13:40:04 UTC 2012 Do you think this would be an appropriate solution? Agreed.
Sl Jun12 7:33 rsyslogd -c5 My centos/rhel systems do not exhibit this bug, but after looking it seems they are running rsyslog as root by default. For 2/, we believe that the simplest and more future-proof solution is to simply have a property in Rudder configuration.properties file for that port, defaulted to default Rsyslog port, and with So it could very well be a race in this regard. > > On > > > the > > > other hand, it does not look so.
Could this be a race > between > two threads where a different thread is setting the UID/GID and a > different one is binding the connections and the UID gets This is probably less secure though, so whichever you think is more appropriate. function readfile() is not properly used. #19 Updated by Nicolas PERRON over 4 years ago Status changed from In progress to Pending technical review % Done changed from 90 to 100 No problem -- the mailing list processor held it due to size constraints (and I rejected it now).