From 44c2679f8347c9bdeb69765f333cd899b5bbd4b9 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 18 Oct 2016 15:51:47 -0600 Subject: [PATCH] Add syslog_maxlen to control the max size of syslog messages. --- doc/sudoers.cat | 33 +++++++++++++++++++------- doc/sudoers.man.in | 46 ++++++++++++++++++++++++++---------- doc/sudoers.mdoc.in | 47 ++++++++++++++++++++++++++----------- plugins/sudoers/def_data.c | 4 ++++ plugins/sudoers/def_data.h | 2 ++ plugins/sudoers/def_data.in | 3 +++ plugins/sudoers/defaults.c | 1 + plugins/sudoers/logging.c | 16 ++++++++----- 8 files changed, 110 insertions(+), 42 deletions(-) diff --git a/doc/sudoers.cat b/doc/sudoers.cat index b02168aa7..435d95001 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -1642,6 +1642,23 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS See _s_y_s_l_o_g___b_a_d_p_r_i for the list of supported syslog priorities. + syslog_maxlen On many systems, syslog(3) has a relatively small log + buffer. IETF RFC 5424 states that syslog servers must + support messages of at least 480 bytes and should + support messages up to 2048 bytes. By default, ssuuddooeerrss + creates log messages up to 980 bytes which corresponds + to the historic BSD syslog implementation which used a + 1024 byte buffer to store the message, date, hostname + and program name. To prevent syslog messages from + being truncated, ssuuddooeerrss will split up log messages + that are larger than _s_y_s_l_o_g___m_a_x_l_e_n bytes. When a + message is split, additional parts will include the + string ``(command continued)'' after the user name and + before the continued command line arguments. + + This setting is only supported by version 1.8.19 or + higher. + sudoers_locale Locale to use when parsing the sudoers file, logging commands, and sending email. Note that changing the locale may affect how sudoers is interpreted. Defaults 
@@ -2027,15 +2044,13 @@ LLOOGG FFOORRMMAATT NNootteess oonn llooggggiinngg vviiaa ssyysslloogg By default, ssuuddooeerrss logs messages via syslog(3). The _d_a_t_e, _h_o_s_t_n_a_m_e, and - _p_r_o_g_n_a_m_e fields are added by the syslog daemon, not ssuuddooeerrss itself. As - such, they may vary in format on different systems. + _p_r_o_g_n_a_m_e fields are added by the system's ssyysslloogg() function, not ssuuddooeerrss + itself. As such, they may vary in format on different systems. - On most systems, syslog(3) has a relatively small log buffer. To prevent - the command line arguments from being truncated, ssuuddooeerrss will split up - log messages that are larger than 960 characters (not including the date, - hostname, and the string ``sudo''). When a message is split, additional - parts will include the string ``(command continued)'' after the user name - and before the continued command line arguments. + The maximum size of syslog messages varies from system to system. The + _s_y_s_l_o_g___m_a_x_l_e_n setting can be used to change the maximum syslog message + size from the default value of 980 bytes. For more information, see the + description of _s_y_s_l_o_g___m_a_x_l_e_n. NNootteess oonn llooggggiinngg ttoo aa ffiillee If the _l_o_g_f_i_l_e option is set, ssuuddooeerrss will log to a local file, such as @@ -2592,4 +2607,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.18 August 31, 2016 Sudo 1.8.18 +Sudo 1.8.18 October 18, 2016 Sudo 1.8.18 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index e00cc064c..f83d5d650 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in 
@@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDOERS" "5" "August 31, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "5" "October 18, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -3367,6 +3367,28 @@ See \fIsyslog_badpri\fR for the list of supported syslog priorities. .TP 18n +syslog_maxlen +On many systems, +syslog(3) +has a relatively small log buffer. +IETF RFC 5424 states that syslog servers must support messages of +at least 480 bytes and should support messages up to 2048 bytes. +By default, +\fBsudoers\fR +creates log messages up to 980 bytes which corresponds to the +historic BSD syslog implementation which used a 1024 byte buffer +to store the message, date, hostname and program name. +To prevent syslog messages from being truncated, +\fBsudoers\fR +will split up log messages that are larger than +\fIsyslog_maxlen\fR +bytes. +When a message is split, additional parts will include the string +\(Lq(command continued)\(Rq +after the user name and before the continued command line arguments. +.sp +This setting is only supported by version 1.8.19 or higher. +.TP 18n sudoers_locale Locale to use when parsing the sudoers file, logging commands, and sending email. 
@@ -4121,22 +4143,20 @@ The \fIhostname\fR, and \fIprogname\fR -fields are added by the syslog daemon, not +fields are added by the system's +\fBsyslog\fR() +function, not \fBsudoers\fR itself. As such, they may vary in format on different systems. .PP -On most systems, -syslog(3) -has a relatively small log buffer. -To prevent the command line arguments from being truncated, -\fBsudoers\fR -will split up log messages that are larger than 960 characters -(not including the date, hostname, and the string -\(Lqsudo\(Rq). -When a message is split, additional parts will include the string -\(Lq(command continued)\(Rq -after the user name and before the continued command line arguments. +The maximum size of syslog messages varies from system to system. +The +\fIsyslog_maxlen\fR +setting can be used to change the maximum syslog message size +from the default value of 980 bytes. +For more information, see the description of +\fIsyslog_maxlen\fR. .SS "Notes on logging to a file" If the \fIlogfile\fR diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index da20c82b8..b8405ddae 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd August 31, 2016 +.Dd October 18, 2016 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME 
@@ -3145,6 +3145,27 @@ Defaults to See .Em syslog_badpri for the list of supported syslog priorities. +.It syslog_maxlen +On many systems, +.Xr syslog 3 +has a relatively small log buffer. +IETF RFC 5424 states that syslog servers must support messages of +at least 480 bytes and should support messages up to 2048 bytes. +By default, +.Nm +creates log messages up to 980 bytes which corresponds to the +historic BSD syslog implementation which used a 1024 byte buffer +to store the message, date, hostname and program name. +To prevent syslog messages from being truncated, +.Nm +will split up log messages that are larger than +.Em syslog_maxlen +bytes. +When a message is split, additional parts will include the string +.Dq Pq command continued +after the user name and before the continued command line arguments. +.Pp +This setting is only supported by version 1.8.19 or higher. .It sudoers_locale Locale to use when parsing the sudoers file, logging commands, and sending email. @@ -3824,22 +3845,20 @@ The .Em hostname , and .Em progname -fields are added by the syslog daemon, not -.Nm sudoers +fields are added by the system's +.Fn syslog +function, not +.Nm itself. As such, they may vary in format on different systems. .Pp -On most systems, -.Xr syslog 3 -has a relatively small log buffer. -To prevent the command line arguments from being truncated, -.Nm -will split up log messages that are larger than 960 characters -(not including the date, hostname, and the string -.Dq sudo ) . -When a message is split, additional parts will include the string -.Dq Pq command continued -after the user name and before the continued command line arguments. +The maximum size of syslog messages varies from system to system. +The +.Em syslog_maxlen +setting can be used to change the maximum syslog message size +from the default value of 980 bytes. +For more information, see the description of +.Em syslog_maxlen . .Ss Notes on logging to a file If the .Em logfile 
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c index b433a7fe9..ec749637a 100644 --- a/plugins/sudoers/def_data.c +++ b/plugins/sudoers/def_data.c @@ -418,6 +418,10 @@ struct sudo_defs_types sudo_defs_table[] = { "match_group_by_gid", T_FLAG, N_("Resolve groups in sudoers and match on the group ID, not the name"), NULL, + }, { + "syslog_maxlen", T_UINT, + N_("Log entries larger than this value will be split into multiple syslog messages"), + NULL, }, { NULL, 0, NULL } diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h index 3032cdee6..d16c17ccb 100644 --- a/plugins/sudoers/def_data.h +++ b/plugins/sudoers/def_data.h @@ -196,6 +196,8 @@ #define def_ignore_logfile_errors (sudo_defs_table[I_IGNORE_LOGFILE_ERRORS].sd_un.flag) #define I_MATCH_GROUP_BY_GID 98 #define def_match_group_by_gid (sudo_defs_table[I_MATCH_GROUP_BY_GID].sd_un.flag) +#define I_SYSLOG_MAXLEN 99 +#define def_syslog_maxlen (sudo_defs_table[I_SYSLOG_MAXLEN].sd_un.uival) enum def_tuple { never, diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in index bc2391273..1190fefed 100644 --- a/plugins/sudoers/def_data.in +++ b/plugins/sudoers/def_data.in @@ -310,3 +310,6 @@ ignore_logfile_errors match_group_by_gid T_FLAG "Resolve groups in sudoers and match on the group ID, not the name" +syslog_maxlen + T_UINT + "Log entries larger than this value will be split into multiple syslog messages" diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index 487791798..6ee93d3d7 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -559,6 +559,7 @@ init_defaults(void) goto oom; def_set_utmp = true; def_pam_setcred = true; + def_syslog_maxlen = MAXSYSLOGLEN; /* Reset the locale. */ if (!firsttime) { diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index e741f38dc..64bd794e0 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c 
@@ -72,14 +72,18 @@ static char *new_logline(const char *, int); static void mysyslog(int pri, const char *fmt, ...) { - char buf[MAXSYSLOGLEN+1]; + char *buf; va_list ap; debug_decl(mysyslog, SUDOERS_DEBUG_LOGGING) va_start(ap, fmt); openlog("sudo", 0, def_syslog); - vsnprintf(buf, sizeof(buf), fmt, ap); - syslog(pri, "%s", buf); + if (vasprintf(&buf, fmt, ap) == -1) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + } else { + syslog(pri, "%s", buf); + free(buf); + } va_end(ap); closelog(); debug_return; @@ -87,7 +91,7 @@ mysyslog(int pri, const char *fmt, ...) /* * Log a message to syslog, pre-pending the username and splitting the - * message into parts if it is longer than MAXSYSLOGLEN. + * message into parts if it is longer than syslog_maxlen. */ static void do_syslog(int pri, char *msg) @@ -104,7 +108,7 @@ do_syslog(int pri, char *msg) * Log the full line, breaking into multiple syslog(3) calls if necessary */ fmt = _("%8s : %s"); - maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name)); + maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(user_name)); for (p = msg; *p != '\0'; ) { len = strlen(p); if (len > maxlen) { @@ -132,7 +136,7 @@ do_syslog(int pri, char *msg) p += len; } fmt = _("%8s : (command continued) %s"); - maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name)); + maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(user_name)); } sudoers_setlocale(oldlocale, NULL); -- 2.40.0
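Review bot: When `vasprintf()` fails in mysyslog(), the new code only calls `sudo_warnx()` and the syslog record is never emitted, whereas the removed `vsnprintf(buf, sizeof(buf), fmt, ap)` wrote into a stack buffer and had no allocation to fail. mysyslog() returns void, so the caller cannot tell that the entry was lost, and an audit record can go missing exactly when the process is short of memory. I would keep a fixed-size fallback so that a possibly truncated record is still written. The argument list must be restarted before the second format call because the first call consumes it.

```c
    char *buf;
    char fallback[MAXSYSLOGLEN+1];	/* used only if allocation fails */
    va_list ap;
    /* … unchanged: debug_decl … */

    openlog("sudo", 0, def_syslog);
    va_start(ap, fmt);
    if (vasprintf(&buf, fmt, ap) == -1)
	buf = NULL;
    va_end(ap);
    if (buf != NULL) {
	syslog(pri, "%s", buf);
	free(buf);
    } else {
	/* Out of memory: log a truncated record rather than dropping it. */
	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
	va_start(ap, fmt);
	vsnprintf(fallback, sizeof(fallback), fmt, ap);
	va_end(ap);
	syslog(pri, "%s", fallback);
    }
    /* … unchanged: closelog, debug_return … */
```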
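Review bot: `maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(user_name));` in do_syslog() now subtracts the prefix length from an administrator-supplied value, and nothing visible in this commit enforces a lower bound on it (the setting is declared as a plain `T_UINT`). If syslog_maxlen is at or below the prefix length, the result is zero, or it wraps or goes negative depending on the type of `maxlen`, which is declared outside the hunk. The split loop, whose body also continues outside the hunk, may then stop splitting altogether or fail to advance. The same expression is repeated in the hunk at -132,7 for the "(command continued)" format, and the prefix length also varies with the translated `fmt`. I would reject too-small values when the setting is parsed, or clamp before each use, for example `overhead = strlen(fmt) - 5 + strlen(user_name);` followed by `maxlen = def_syslog_maxlen > overhead + MIN_CHUNK ? def_syslog_maxlen - overhead : MIN_CHUNK;`, where `MIN_CHUNK` is a constructed name for a small positive floor.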