Bug#901438: bash: enable compile-time syslog shopt

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#901438: bash: enable compile-time syslog shopt

Luca Boccassi-3
Package: bash
Version: 5.0~alpha1-1
Severity: wishlist
Tags: patch

Dear Maintainer,

bash 5.0 introduced a new build-time config-top.h option to allow users
to optionally enable sending the bash history to syslog via a new shopt
variable.
Given it's generally undesirable on user's machines, even if compiled
in the feature is off by default at runtime. It can be checked
trivially with "shopt -p | grep syslog".

But this feature is often necessary and required on mission critical
equipment due to auditing rules&regulations. For example in my case, to
use vanilla Debian on servers inside a large ISP we need this option.
Given Debian aims to be a Universal Operating System, it would be
really great if such option were available without having to rebuild
bash manually. :-)

Please consider the inlined diff for the deb-bash-config.diff patch,
that will build the support but of course will leave it disabled by
default. I have tested it and it works as expected.

Thank you!

--
Kind regards,
Luca Boccassi

--- debian/patches/deb-bash-config.diff
+++ debian/patches/deb-bash-config.diff
@@ -14,6 +14,10 @@
 # DP:
 # DP: - don't define a default DEFAULT_MAIL_DIRECTORY, because it
 # DP:   can cause a timeout on NFS mounts.
+# DP:
+# DP: - build with runtime option to enable sending history to syslog
+# DP:   and disable it by default. Can be enabled by a user with
+# DP:   shopt -s syslog_history
 
 Index: b/config-bot.h
 ===================================================================
@@ -54,3 +58,21 @@
 
  /* Define if you want the case-capitalizing operators (~[~]) and the
     `capcase' variable attribute (declare -c). */
+@@ -117,7 +117,7 @@
+
+ /* Define if you want each line saved to the history list in bashhist.c:
+    bash_add_history() to be sent to syslog(). */
+-/* #define SYSLOG_HISTORY */
++#define SYSLOG_HISTORY
+ #if defined (SYSLOG_HISTORY)
+ #  define SYSLOG_FACILITY LOG_USER
+ #  define SYSLOG_LEVEL LOG_INFO
+@@ -128,7 +128,7 @@
+    shell option; if defined, the value is the default for the syslog_history
+    shopt option */
+ #if defined (SYSLOG_HISTORY)
+-/* #define SYSLOG_SHOPT 1 */
++#  define SYSLOG_SHOPT 0
+ #endif
+
+ /* Define if you want to include code in shell.c to support wordexp(3) */

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#901438: bash: enable compile-time syslog shopt

Luca Boccassi-3
On Wed, 13 Jun 2018 11:40:57 +0100 Luca Boccassi <[hidden email]>
wrote:
> Package: bash
> Version: 5.0~alpha1-1
> Severity: wishlist
> Tags: patch

> Dear Maintainer,

> bash 5.0 introduced a new build-time config-top.h option to allow
users
> to optionally enable sending the bash history to syslog via a new
shopt
> variable.
> Given it's generally undesirable on user's machines, even if compiled
> in the feature is off by default at runtime. It can be checked
> trivially with "shopt -p | grep syslog".

> But this feature is often necessary and required on mission critical
> equipment due to auditing rules&regulations. For example in my case,
to

> use vanilla Debian on servers inside a large ISP we need this option.
> Given Debian aims to be a Universal Operating System, it would be
> really great if such option were available without having to rebuild
> bash manually. :-)

> Please consider the inlined diff for the deb-bash-config.diff patch,
> that will build the support but of course will leave it disabled by
> default. I have tested it and it works as expected.

> Thank you!

> -- 
> Kind regards,
> Luca Boccassi

> --- debian/patches/deb-bash-config.diff
> +++ debian/patches/deb-bash-config.diff
> @@ -14,6 +14,10 @@
>  # DP: 
>  # DP: - don't define a default DEFAULT_MAIL_DIRECTORY, because it
>  # DP:   can cause a timeout on NFS mounts.
> +# DP: 
> +# DP: - build with runtime option to enable sending history to
syslog
> +# DP:   and disable it by default. Can be enabled by a user with
> +# DP:   shopt -s syslog_history
>  
>  Index: b/config-bot.h
>  ===================================================================
> @@ -54,3 +58,21 @@
>   
>   /* Define if you want the case-capitalizing operators (~[~]) and
the
>      `capcase' variable attribute (declare -c). */
> +@@ -117,7 +117,7 @@
> + 
> + /* Define if you want each line saved to the history list in
bashhist.c:
> +    bash_add_history() to be sent to syslog(). */
> +-/* #define SYSLOG_HISTORY */
> ++#define SYSLOG_HISTORY
> + #if defined (SYSLOG_HISTORY)
> + #  define SYSLOG_FACILITY LOG_USER
> + #  define SYSLOG_LEVEL LOG_INFO
> +@@ -128,7 +128,7 @@
> +    shell option; if defined, the value is the default for the
syslog_history
> +    shopt option */

Dear Maintainer,

Bash 5.0-beta is out - I've just tested it to make sure this patch
still applies and works, and it does.

Would be fantastic if it could be considered for the eventual upload of
5.0-beta.

Thank you!

--
Kind regards,
Luca Boccassi

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#901438: bash: enable compile-time syslog shopt

Luca Boccassi-3
On Wed, 2018-09-19 at 18:01 +0100, Luca Boccassi wrote:

> On Wed, 13 Jun 2018 11:40:57 +0100 Luca Boccassi <[hidden email]>
> wrote:
> > Package: bash
> > Version: 5.0~alpha1-1
> > Severity: wishlist
> > Tags: patch
> >  
> > Dear Maintainer,
> >  
> > bash 5.0 introduced a new build-time config-top.h option to allow
>
> users
> > to optionally enable sending the bash history to syslog via a new
>
> shopt
> > variable.
> > Given it's generally undesirable on user's machines, even if
> > compiled
> > in the feature is off by default at runtime. It can be checked
> > trivially with "shopt -p | grep syslog".
> >  
> > But this feature is often necessary and required on mission
> > critical
> > equipment due to auditing rules&regulations. For example in my
> > case,
>
> to
> > use vanilla Debian on servers inside a large ISP we need this
> > option.
> > Given Debian aims to be a Universal Operating System, it would be
> > really great if such option were available without having to
> > rebuild
> > bash manually. :-)
> >  
> > Please consider the inlined diff for the deb-bash-config.diff
> > patch,
> > that will build the support but of course will leave it disabled by
> > default. I have tested it and it works as expected.
> >  
> > Thank you!
> >  
> > -- 
> > Kind regards,
> > Luca Boccassi
> >  
> > --- debian/patches/deb-bash-config.diff
> > +++ debian/patches/deb-bash-config.diff
> > @@ -14,6 +14,10 @@
> >   # DP: 
> >   # DP: - don't define a default DEFAULT_MAIL_DIRECTORY, because it
> >   # DP:   can cause a timeout on NFS mounts.
> > +# DP: 
> > +# DP: - build with runtime option to enable sending history to
>
> syslog
> > +# DP:   and disable it by default. Can be enabled by a user with
> > +# DP:   shopt -s syslog_history
> >   
> >   Index: b/config-bot.h
> >   =================================================================
> > ==
> > @@ -54,3 +58,21 @@
> >    
> >    /* Define if you want the case-capitalizing operators (~[~]) and
>
> the
> >       `capcase' variable attribute (declare -c). */
> > +@@ -117,7 +117,7 @@
> > + 
> > + /* Define if you want each line saved to the history list in
>
> bashhist.c:
> > +    bash_add_history() to be sent to syslog(). */
> > +-/* #define SYSLOG_HISTORY */
> > ++#define SYSLOG_HISTORY
> > + #if defined (SYSLOG_HISTORY)
> > + #  define SYSLOG_FACILITY LOG_USER
> > + #  define SYSLOG_LEVEL LOG_INFO
> > +@@ -128,7 +128,7 @@
> > +    shell option; if defined, the value is the default for the
>
> syslog_history
> > +    shopt option */
>
> Dear Maintainer,
>
> Bash 5.0-beta is out - I've just tested it to make sure this patch
> still applies and works, and it does.
>
> Would be fantastic if it could be considered for the eventual upload
> of
> 5.0-beta.
>
> Thank you!
Dear Maintainer,

bash 5.0-beta2 is out, I've tested the above small patch with it and I
can confirm again that it works as expected. It would be great if it
could be included in the next upload to experimental.

Thank you!

--
Kind regards,
Luca Boccassi

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#901438: bash: enable compile-time syslog shopt

Luca Boccassi-3
On Wed, 2018-11-28 at 17:56 +0000, Luca Boccassi wrote:

> On Wed, 2018-09-19 at 18:01 +0100, Luca Boccassi wrote:
> > On Wed, 13 Jun 2018 11:40:57 +0100 Luca Boccassi <[hidden email]>
> > wrote:
> > > Package: bash
> > > Version: 5.0~alpha1-1
> > > Severity: wishlist
> > > Tags: patch
> > >  
> > > Dear Maintainer,
> > >  
> > > bash 5.0 introduced a new build-time config-top.h option to allow
> >
> > users
> > > to optionally enable sending the bash history to syslog via a new
> >
> > shopt
> > > variable.
> > > Given it's generally undesirable on user's machines, even if
> > > compiled
> > > in the feature is off by default at runtime. It can be checked
> > > trivially with "shopt -p | grep syslog".
> > >  
> > > But this feature is often necessary and required on mission
> > > critical
> > > equipment due to auditing rules&regulations. For example in my
> > > case,
> >
> > to
> > > use vanilla Debian on servers inside a large ISP we need this
> > > option.
> > > Given Debian aims to be a Universal Operating System, it would be
> > > really great if such option were available without having to
> > > rebuild
> > > bash manually. :-)
> > >  
> > > Please consider the inlined diff for the deb-bash-config.diff
> > > patch,
> > > that will build the support but of course will leave it disabled
> > > by
> > > default. I have tested it and it works as expected.
> > >  
> > > Thank you!
> > >  
> > > -- 
> > > Kind regards,
> > > Luca Boccassi
> > >  
> > > --- debian/patches/deb-bash-config.diff
> > > +++ debian/patches/deb-bash-config.diff
> > > @@ -14,6 +14,10 @@
> > >   # DP: 
> > >   # DP: - don't define a default DEFAULT_MAIL_DIRECTORY, because
> > > it
> > >   # DP:   can cause a timeout on NFS mounts.
> > > +# DP: 
> > > +# DP: - build with runtime option to enable sending history to
> >
> > syslog
> > > +# DP:   and disable it by default. Can be enabled by a user with
> > > +# DP:   shopt -s syslog_history
> > >   
> > >   Index: b/config-bot.h
> > >   ===============================================================
> > > ==
> > > ==
> > > @@ -54,3 +58,21 @@
> > >    
> > >    /* Define if you want the case-capitalizing operators (~[~])
> > > and
> >
> > the
> > >       `capcase' variable attribute (declare -c). */
> > > +@@ -117,7 +117,7 @@
> > > + 
> > > + /* Define if you want each line saved to the history list in
> >
> > bashhist.c:
> > > +    bash_add_history() to be sent to syslog(). */
> > > +-/* #define SYSLOG_HISTORY */
> > > ++#define SYSLOG_HISTORY
> > > + #if defined (SYSLOG_HISTORY)
> > > + #  define SYSLOG_FACILITY LOG_USER
> > > + #  define SYSLOG_LEVEL LOG_INFO
> > > +@@ -128,7 +128,7 @@
> > > +    shell option; if defined, the value is the default for the
> >
> > syslog_history
> > > +    shopt option */
> >
> > Dear Maintainer,
> >
> > Bash 5.0-beta is out - I've just tested it to make sure this patch
> > still applies and works, and it does.
> >
> > Would be fantastic if it could be considered for the eventual
> > upload
> > of
> > 5.0-beta.
> >
> > Thank you!
>
> Dear Maintainer,
>
> bash 5.0-beta2 is out, I've tested the above small patch with it and
> I
> can confirm again that it works as expected. It would be great if it
> could be included in the next upload to experimental.
>
> Thank you!
Dear Maintainer,

Just tested with 5.0-rc1 and it works fine as well. rc1 also fixes the
build failures on armhf/armel BTW.

Thanks and happy holidays!

--
Kind regards,
Luca Boccassi

signature.asc (499 bytes) Download Attachment