Contributed by pitrh on 2014-07-15 from the only zeros and ones, in a new order dept.

OpenBSD project leader Theo de Raadt (deraadt@) writes in from g2k14:

This issue was first made apparent due to the systrace sandbox technique now used in the ssh tools, which prevents syslog_r from doing socket, connect, sendto.. all the good system calls necessary to report failure, but dangerous -- and precisely what the sandbox is trying to prevent.

This has been solved by creating a new system call that can send a message to syslogd without needing any additional resources; syslog_r(3) then uses this directly, one shot, fire and forget. The system call is rather narrow in purpose, and thus named sendsyslog(2), but this also fits the narrow use case it will have such as sandboxing.

In that regard, it is quite similar to the way getentropy(2) was carved off sysctl. Funny how one thing leads to another.

Taking a break from the kernel space, it was time for some cleanup and hopeful improvement for /etc, sysmerge, and the installation tools. Robert and Antoine helped out with a plan to mostly empty /etc/rc, this work is not yet finished but will lead to an improved sysmerge. On other fronts, I worked with the install script guys and the DRM guys to make sure that our next release can automatically know to leave the X aperture closed for capable chipsets.

Remainder of the hackathon I flitted here and there, as usual, participating in projects of other developers. A very enjoyable and productive week!