log: never log into foreign fd #2 in PID 1 or its pre-execve() children

Fixes: #5401
2025-01-11 05:17:44 +03:00 · 2017-02-21 17:57:55 +01:00 · 2017-02-21 17:57:55 +01:00 · 48a601fe5d
commit 48a601fe5d
parent 525872bfab
3 changed files with 16 additions and 3 deletions
--- a/src/basic/log.c
+++ b/src/basic/log.c
@ -72,6 +72,7 @@ static bool show_color = false;
 static bool show_location = false;

 static bool upgrade_syslog_to_journal = false;
+static bool always_reopen_console = false;

 /* Akin to glibc's __abort_msg; which is private and we hence cannot
 * use here. */
@ -95,7 +96,7 @@ static int log_open_console(void) {
        if (console_fd >= 0)
                return 0;

-        if (getpid() == 1) {
+        if (always_reopen_console) {
                console_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
                if (console_fd < 0)
                        return console_fd;
@ -1171,3 +1172,7 @@ int log_syntax_internal(
                        unit_fmt, unit,
                        NULL);
 }
+
+void log_set_always_reopen_console(bool b) {
+        always_reopen_console = b;
+}
--- a/src/basic/log.h
+++ b/src/basic/log.h
@ -220,6 +220,7 @@ LogTarget log_target_from_string(const char *s) _pure_;
 void log_received_signal(int level, const struct signalfd_siginfo *si);

 void log_set_upgrade_syslog_to_journal(bool b);
+void log_set_always_reopen_console(bool b);

 int log_syntax_internal(
                const char *unit,
--- a/src/core/main.c
+++ b/src/core/main.c
@ -1414,10 +1414,17 @@ int main(int argc, char *argv[]) {

        log_set_upgrade_syslog_to_journal(true);

-        /* Disable the umask logic */
-        if (getpid() == 1)
+        if (getpid() == 1) {
+                /* Disable the umask logic */
                umask(0);

+                /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
+                 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
+                 * child process right before execve()'ing the actual binary, at a point in time where socket
+                 * activation stderr/stdout area already set up. */
+                log_set_always_reopen_console(true);
+        }
+
        if (getpid() == 1 && detect_container() <= 0) {

                /* Running outside of a container as PID 1 */