The purpose of the vis() addition was mostly to guard against later "cat" views of the output files sending remote-controllable escape-codes to terminals (especially in xterm, there are many unfortunate features which should not be reachable from remote. The nastiest features were disabled over decades, and some bugs were fixed, but some nasty escape codes remain).
But please consider this impact of the change you propose.

     There is one additional flag, VIS_NOSLASH, which inhibits the doubling of
     backslashes and the backslash before the default format (that is, control
     characters are represented by `^C' and meta characters as `M-C').  With
     this flag set, the encoding is ambiguous and non-invertible.
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This means if syslog is used to send some 'binary data', and you later on want to decode meaning "unvis" the block, that won't work. Is that a usage case to worry about?

Matthias Pitzl <pi...@genua.de> wrote:
> Hi,
>
> We're sending log data in JSON format to a SIEM system and noticed a special
> behaviour of OpenBSD's syslogd concerning strings with backslashes that is
> unique to OpenBSD:
> echo '{"msg": \"This is "a test\""}' | logger
> results in the following string logged:
> {"msg": "This is \\"a test\\""}
>
> As no other syslog daemon I tried (Linux and FreeBSD) behaves like this, the
> SIEM system does not use something like unvis() to correctly remove the
> escaping. This leads to a wrong text in the SIEM system after parsing the
> JSON string:
> This is \"a test\"
>
> This has been introduced about 21 years ago when vis(3) was added to syslogd.
>
> The following diff changes the behaviour of syslogd so that it no longer
> escapes backslashes and thus is more consistent with other syslog
> implementations.
>
> Greetings,
> Matthias
>
> diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c > index d44b311ae1..184e0d6089 100644 > --- a/usr.sbin/syslogd/syslogd.c > +++ b/usr.sbin/syslogd/syslogd.c > @@ -1571,7 +1571,7 @@ printline(char *hname, char *msgstr) > if (*p == '\n') > *q++ = ' '; > else > - q = vis(q, *p, 0, 0); > + q = vis(q, *p, VIS_NOSLASH, 0); > } > line[LOG_MAXLINE] = *q = '\0'; 
> > @@ -1627,7 +1627,7 @@ printsys(char *msgstr) > q = lp; > while (*p && (c = *p++) != '\n' && > q < &msg.m_msg[sizeof(msg.m_msg) - 4]) > - q = vis(q, c, 0, 0); > + q = vis(q, c, VIS_NOSLASH, 0); > > logmsg(&msg, flags, LocalHostName); > }
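
Review bot: In the printline() hunk, passing VIS_NOSLASH to vis() removes the leading backslash that marks an encoded byte, so an encoded control character and the same two characters typed literally end up as identical bytes in line[], and the written log can no longer be passed through unvis(). If the goal is only to stop doubling backslashes for the JSON consumer, say in the commit message that the output becomes non-invertible, or keep `q = vis(q, *p, 0, 0);` and undo the escaping on the receiving side.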
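
Review bot: The printsys() hunk makes the same flag change, but the description only motivates it with a message submitted through logger and does not say why input handled by printsys() needs it. Either explain in the commit message why `q = vis(q, c, VIS_NOSLASH, 0);` is wanted here as well, or leave this call at `vis(q, c, 0, 0)` so the two paths are changed deliberately rather than by symmetry.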
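
The ambiguity the reply points to, as an added example (not code from syslogd or libc): a simplified model of the default vis(3) format, with a check that an ESC sequence and the literal text `^[[31m` encode identically once the backslash is dropped. The names `model_vis`, `model_strvis` and `collides` are hypothetical, and the model assumes the C locale.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Simplified model of the default vis(3) format (assumption: C locale);
 * not libc's code. noslash != 0 models VIS_NOSLASH. Hypothetical names. */
static char *model_vis(char *dst, unsigned char c, int noslash)
{
    if (isgraph(c) || c == ' ' || c == '\t' || c == '\n') {
        *dst++ = (char)c;
        if (c == '\\' && !noslash)
            *dst++ = '\\';              /* double a literal backslash */
        return dst;
    }
    if (!noslash)
        *dst++ = '\\';                  /* marks "an encoding follows" */
    if (c & 0x80)                       /* meta character: M- or M^ form */
        *dst++ = 'M';
    c &= 0x7f;
    if (iscntrl(c)) {
        *dst++ = '^';
        c = (c == 0x7f) ? '?' : (unsigned char)(c + '@');
    } else
        *dst++ = '-';
    *dst++ = (char)c;
    return dst;
}

/* Encode a NUL-terminated string; out needs 4 * strlen(in) + 1 bytes. */
const char *model_strvis(char *out, const char *in, int noslash)
{
    char *q = out;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++)
        q = model_vis(q, *p, noslash);
    *q = '\0';
    return out;
}

/* 1 if two different inputs (up to 63 bytes each) encode identically. */
int collides(const char *a, const char *b, int noslash)
{
    char ea[256], eb[256];
    return strcmp(a, b) && !strcmp(model_strvis(ea, a, noslash), model_strvis(eb, b, noslash));
}

int main(void)
{   /* constructed inputs: a real ESC sequence vs. the literal text "^[[31m" */
    printf("%d %d\n", collides("\x1b[31m", "^[[31m", 1), collides("\x1b[31m", "^[[31m", 0));
    return 0;
}
```

With the default flags the two inputs stay distinguishable, which is what lets a log reader tell an attempted terminal escape from harmless text.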