On Tue, 8 Mar 2005, George Georgalis announced authoritatively: > Here's what I'm doing that is broken. I use tcpserver (functionally > similar to inetd) to receive an incoming smtp connection. While the > smtp session is still open, the message is piped to a temp file which > is then scanned for spam, if it passes the temp file is piped to my
Both of these sound like redirection, not piping. >>(I don't see what you mean by `a pipe rom /proc/kmsg', though: >>pipes connect processes, not files. File redirections are >>quite different and should work unchanged in 2.6.11.) > > An interesting technique that allows a program (such as a log writer) > to run as an unprivileged user, while receiving privileged data. (taken > almost verbatim from Gerrit Pape's socklog) > > #!/bin/sh > exec </proc/kmsg > exec 2>&1 > exec softlimit -m 2000000 setuidgid nobody socklog ucspi > > This script, run by root takes its stdin from /proc/kmsg then combines > its stdout and stderr, and exec-switches to the socklog program run > as an ucspi application listening to the domain stream socket, as > nobody:nogroup, with memory consumption limited to 2Mb. (and sends > log to stdout) This is definitely redirection, not piping. As far as I know the implementation of redirection in the kernel remains unchanged: certainly the need to buffer piped data doesn't exist in this case, and since the redesign was of the buffering, this is probably not your problem :) > It worked flawlessly until several kernel revs back when the kernel > started protecting kmsg and wouldn't allow the user program to receive > it, Indeed. > result: nothing sent to the logging program and no error. The fix > was to run socklog as root instead of nobody. You should be able to open it as root and read from it as another user: i.e., your technique above shouldn't break. (I'd hope.) -- > ...Hires Root Beer... What we need these days is a stable, fast, anti-aliased root beer with dynamic shading. Not that you can let just anybody have root. --- John M. Ford - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
