OpenBSD Journal

syslogd(8) privileged and non-privileged parts now separate binaries

Contributed by Peter N. M. Hansteen from the logged, separately dept.

In OpenBSD, the syslogd(8) system logger has for a while now used fork(2) to separate its privileged parts from its non-privileged parts.

Now Alexander Bluhm (bluhm@) has decided it is time to split these parts into separate binaries in order to provide even better separation. The final commit message reads:

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Alexander Bluhm <bluhm () openbsd ! org>
Date:       2026-06-11 15:41:33

CVSROOT:	/cvs
Module name:	src
Changes by:	bluhm@cvs.openbsd.org	2026/06/11 09:41:33

Modified files:
	usr.sbin/syslogd: Makefile privsep.c syslogd.c syslogd.h 
	etc/rc.d       : syslogd 
Added files:
	usr.sbin/syslogd: Makefile.inc parent.c 
	usr.sbin/syslogd/parent: Makefile 
	usr.sbin/syslogd/syslogd: Makefile 

Log message:
Provide a separate executable file for syslogd parent.
syslogd(8) forks and execs its parent process to keep privileged
parts separated.  This parent process can be easily implemented as
a separate program.  It gets its own main() and minimal debug logging
functions.  The split parent process image is smaller, especially
without additional libs.
Use additional directories to build both parts.  The rcctl script
has to be adapted, as the parent process has a different name.

OK deraadt@

The code should be in snapshots by the time you read this. So please fire up that sysupgrade -s if you're already on snapshots!

