I am trying to use LD_PRELOAD to intercept calls to syslog(). I successfully tried that on one of my programs and it worked.

When I tried it on a pre-built application (which came via a Debian package), I observed that it invokes __syslog_chk(). On inspecting the source of the package, there were no direct calls to __syslog_chk()!

So, it ought to be the compiler [whichever was used], changed the syslog()s to __syslog_chk()? I tried with gcc options -D_FORTIFY_SOURCE=2, -O2 etc. None of them seemed to make this change! Which option forces use of the __chk() function?

Ani

1 Answer

> it ought to be the compiler [whichever was used], changed the syslog()s to __syslog_chk()?

Yes, you might say that. As always, inspect the sources: https://github.com/lattera/glibc/blob/master/misc/sys/syslog.h -> #if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function -> https://github.com/lattera/glibc/blob/master/misc/bits/syslog.h#L31. The __fortify_function is an extern inline, and you might want to read about extern inline: https://gcc.gnu.org/onlinedocs/gcc/Inline.html and "What does extern inline do?". The compiler chooses the inline version of the function instead of the extern one, and inlines the call, making it __syslog_chk.

> Which option forces use of __chk() function?

Using -D_FORTIFY_SOURCE=2. Inspect the syslog.h of your system - it's all there. A good IDE comes with a "jump to definition" functionality which greatly enhances browsing in such cases.

Note that https://github.com/lattera/glibc/blob/895ef79e04a953cac1493863bcae29ad85657ee1/misc/syslog.c#L112 syslog->__syslog->__vsyslog_chk and __syslog_chk -> __vsyslog_chk. You might just LD_PRELOAD __vsyslog_chk to handle all cases.

KamilCuk
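An LD_PRELOAD shim covering the entry points discussed in the answer above, as an added example that is not part of the original post or of glibc: it defines syslog, vsyslog, __syslog_chk and __vsyslog_chk, so fortified and unfortified callers are both intercepted. The signatures follow glibc's declarations; the file name, the `capture` sink and the `shim_saw` helper are assumptions for illustration, and messages are printed to stderr instead of being forwarded.

```c
/* Build: gcc -shared -fPIC -o syslog_shim.so syslog_shim.c
 * Use:   LD_PRELOAD=./syslog_shim.so ./app
 * <syslog.h> is deliberately not included: under _FORTIFY_SOURCE it declares
 * syslog() as an inline wrapper, which would clash with the definitions below. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char        last_msg[1024];   /* last formatted message (not thread-safe) */
static const char *last_entry = "";  /* entry point the caller actually used */

/* Single sink: every interposed entry point ends up here. */
static void capture(const char *entry, int pri, const char *fmt, va_list ap)
{
    last_entry = entry;
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    fprintf(stderr, "[shim:%s] pri=%d %s\n", entry, pri, last_msg);
}

/* Unfortified builds reach these two. */
void vsyslog(int pri, const char *fmt, va_list ap) { capture("vsyslog", pri, fmt, ap); }

void syslog(int pri, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    capture("syslog", pri, fmt, ap);
    va_end(ap);
}

/* Fortified builds reach these two; flag is passed by the fortify wrapper. */
void __vsyslog_chk(int pri, int flag, const char *fmt, va_list ap)
{
    (void)flag;
    capture("__vsyslog_chk", pri, fmt, ap);
}

void __syslog_chk(int pri, int flag, const char *fmt, ...)
{
    va_list ap;
    (void)flag;
    va_start(ap, fmt);
    capture("__syslog_chk", pri, fmt, ap);
    va_end(ap);
}

/* Hypothetical helper for tests: did the last call arrive via entry with msg? */
int shim_saw(const char *entry, const char *msg)
{ return strcmp(last_entry, entry) == 0 && strcmp(last_msg, msg) == 0; }
```

To forward to libc as well, look up the next definition with `dlsym(RTLD_NEXT, ...)` and pass it a `va_copy` of the argument list.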