This patch is a modification of the origional bash bofh patch written
by "ef@ccitt5.net" for bash-2.05a.

It can be downloaded from:

  http://devsec.org/patch/bash/bash-bofh-2.05b.tk-1.patch

-Thor Kooda
 2005-09-21


diff -Naru bash-2.05b.orig/config.h.in bash-2.05b/config.h.in
--- bash-2.05b.orig/config.h.in	2002-06-25 08:48:52.000000000 -0500
+++ bash-2.05b/config.h.in	2005-09-20 23:49:39.000000000 -0500
@@ -875,4 +875,10 @@
 
 #include "config-bot.h"
 
+/* Bash-bofh specific define templates */
+#undef BOFH
+#undef SCRIPT_BOFH
+#undef BOFH_LOGFACILITY
+#undef BOFH_LOGLEVEL
+
 #endif /* _CONFIG_H_ */
diff -Naru bash-2.05b.orig/configure bash-2.05b/configure
--- bash-2.05b.orig/configure	2002-07-16 08:31:47.000000000 -0500
+++ bash-2.05b/configure	2005-09-20 23:49:39.000000000 -0500
@@ -712,6 +712,8 @@
                           make the echo builtin expand escape sequences by
                           default
   --enable-mem-scramble   scramble memory on calls to malloc and free
+  --enable-bofh           enable bash-BOFH logging(default)
+  --disable-script-bofh   disables shellscript logging(default)
   --enable-profiling      allow profiling with gprof
   --enable-static-link    link bash statically, for use as a root shell
   --disable-largefile     omit support for large files
@@ -1266,6 +1268,10 @@
 opt_net_redirs=yes
 opt_progcomp=yes
 opt_separate_help=no
+opt_bofh=yes
+opt_script_bofh=no
+opt_bofh_logfacility=LOG_USER
+opt_bofh_loglevel=LOG_INFO
 
 opt_static_link=no
 opt_profiling=no
@@ -1407,6 +1413,27 @@
   opt_xpg_echo=$enableval
 fi;
 
+# Check whether --enable-bofh or --disable-bofh was given.
+if test "${enable_bofh+set}" = set; then
+  enableval="$enable_bofh"
+  opt_bofh=$enableval
+fi;
+# Check whether --enable-script_bofh or --disable-script_bofh was given.
+if test "${enable_script_bofh+set}" = set; then
+  enableval="$enable_script_bofh"
+  opt_script_bofh=$enableval
+fi;
+# Check whether --with-bofh_logfacility or --without-bofh_logfacility was given
+if test "${with_bofh_logfacility+set}" = set; then
+  withval="$with_bofh_logfacility"
+  opt_bofh_logfacility=$withval
+fi;
+# Check whether --with-bofh_loglevel or --without-bofh_loglevel was given.
+if test "${with_bofh_loglevel+set}" = set; then
+  withval="$with_bofh_loglevel"
+  opt_bofh_loglevel=$withval
+fi;
+
 # Check whether --enable-mem-scramble or --disable-mem-scramble was given.
 if test "${enable_mem_scramble+set}" = set; then
   enableval="$enable_mem_scramble"
@@ -1539,6 +1566,23 @@
 
 fi
 
+if test $opt_bofh = yes; then
+cat >>confdefs.h <<EOF
+#define BOFH 1
+EOF
+fi
+if test $opt_script_bofh = yes; then
+cat >>confdefs.h <<EOF
+#define SCRIPT_BOFH 1
+EOF
+fi
+cat >>confdefs.h <<EOF
+#define BOFH_LOGFACILITY $opt_bofh_logfacility
+EOF
+cat >>confdefs.h <<EOF
+#define BOFH_LOGLEVEL $opt_bofh_loglevel
+EOF
+
 if test "$opt_minimal_config" = yes; then
 	TESTSCRIPT=run-minimal
 else
diff -Naru bash-2.05b.orig/configure.in bash-2.05b/configure.in
--- bash-2.05b.orig/configure.in	2002-07-16 08:31:25.000000000 -0500
+++ bash-2.05b/configure.in	2005-09-20 23:49:39.000000000 -0500
@@ -164,6 +164,10 @@
 opt_net_redirs=yes
 opt_progcomp=yes
 opt_separate_help=no
+opt_bofh=yes
+opt_script_bofh=no
+opt_bofh_logfacility=LOG_USER
+opt_bofh_loglevel=LOG_INFO
 
 dnl options that affect how bash is compiled and linked
 opt_static_link=no
@@ -208,6 +212,10 @@
 AC_ARG_ENABLE(separate-helpfiles, AC_HELP_STRING([--enable-separate-helpfiles], [use external files for help builtin documentation]), opt_separate_help=$enableval)
 AC_ARG_ENABLE(usg-echo-default, AC_HELP_STRING([--enable-usg-echo-default], [a synonym for --enable-xpg-echo-default]), opt_xpg_echo=$enableval)
 AC_ARG_ENABLE(xpg-echo-default, AC_HELP_STRING([--enable-xpg-echo-default], [make the echo builtin expand escape sequences by default]), opt_xpg_echo=$enableval)
+AC_ARG_ENABLE(bofh, AC_HELP_STRING([--enable-bofh], [enable bash-BOFH logging(default)], opt_bofh=$enableval)
+AC_ARG_ENABLE(script_bofh, AC_HELP_STRING([--disable-script-bofh], [disables shellscript logging(default)], opt_script_bofh=$enableval)
+AC_ARG_WITH(bofh_logfacility, AC_HELP_STRING([--with-bofh-logfacility = FACILITY], [BOFH syslog facility(default = LOG_USER)], opt_bofh_logfacility=$withval)
+AC_ARG_WITH(bofh_loglevel, AC_HELP_STRING([--with-bofh-loglevel = LEVEL], [BOFH syslog level(default = LOG_INFO)], opt_bofh_loglevel=$withval)
 
 dnl options that alter how bash is compiled and linked
 AC_ARG_ENABLE(mem-scramble, AC_HELP_STRING([--enable-mem-scramble], [scramble memory on calls to malloc and free]), opt_memscramble=$enableval)
diff -Naru bash-2.05b.orig/shell.c bash-2.05b/shell.c
--- bash-2.05b.orig/shell.c	2002-07-01 10:27:11.000000000 -0500
+++ bash-2.05b/shell.c	2005-09-20 23:49:39.000000000 -0500
@@ -76,6 +76,11 @@
 #  include <opennt/opennt.h>
 #endif
 
+#ifdef BOFH
+#include <syslog.h>
+#include <sys/types.h>
+#endif
+
 #if !defined (HAVE_GETPW_DECLS)
 extern struct passwd *getpwuid ();
 #endif /* !HAVE_GETPW_DECLS */
@@ -316,6 +321,11 @@
 #endif
   volatile int locally_skip_execution;
   volatile int arg_index, top_level_arg_index;
+
+#ifdef BOFH
+  struct passwd *pwd_ent;
+#endif
+
 #ifdef __OPENNT
   char **env;
 
@@ -523,8 +533,25 @@
       running_under_emacs = term ? ((strmatch ("*term*", term, 0) == 0) ? 2 : 1)
 				 : 0;
       no_line_editing |= term && term[0] == 't' && term[1] == '\0';
+#ifdef BOFH
+#ifndef SCRIPT_BOFH
+      openlog("bash",LOG_PID,BOFH_LOGFACILITY);
+      pwd_ent=getpwuid(getuid());
+      syslog(BOFH_LOGLEVEL,"interactive shell started by username: %s UID: %d EUID: %d GID: %d EGID: %d",
+             pwd_ent->pw_name,pwd_ent->pw_uid,geteuid(),getgid(),getegid());
+#endif
+#endif
     }
 
+#ifdef BOFH
+#ifdef SCRIPT_BOFH
+  openlog("bash",LOG_PID|LOG_NDELAY,BOFH_LOGFACILITY);
+  pwd_ent=getpwuid(getuid());
+  syslog(BOFH_LOGLEVEL,"shell started by username: %s UID: %d EUID: %d GID: %d EGID: %d",
+         pwd_ent->pw_name,pwd_ent->pw_uid,geteuid(),getgid(),getegid());
+#endif
+#endif
+
   top_level_arg_index = arg_index;
   old_errexit_flag = exit_immediately_on_error;
 
diff -Naru bash-2.05b.orig/y.tab.c bash-2.05b/y.tab.c
--- bash-2.05b.orig/y.tab.c	2002-05-21 10:57:35.000000000 -0500
+++ bash-2.05b/y.tab.c	2005-09-20 23:50:08.000000000 -0500
@@ -80,6 +80,12 @@
 
 #include "shmbutil.h"
 
+#ifdef BOFH
+#include <syslog.h>
+#include <pwd.h>
+#include <sys/types.h>
+#endif
+
 #if defined (READLINE)
 #  include "bashline.h"
 #  include <readline/readline.h>
@@ -3268,6 +3274,9 @@
   int c;
   unsigned char uc;
   static int mustpop = 0;
+#ifdef BOFH
+  struct passwd *pwd_ent;
+#endif
 
   QUIT;
 
@@ -3363,6 +3372,20 @@
 
       set_line_mbstate ();
 
+#ifdef BOFH
+#ifdef SCRIPT_BOFH
+      pwd_ent=getpwuid(getuid());
+      syslog(BOFH_LOGLEVEL,"[%s] %s", pwd_ent->pw_name,shell_input_line);
+#else
+#ifdef HISTORY
+      if (remember_on_history && shell_input_line && shell_input_line[0]){
+        pwd_ent=getpwuid(getuid());
+        syslog(BOFH_LOGLEVEL,"[%s] %s", pwd_ent->pw_name,shell_input_line);
+      }
+#endif
+#endif
+#endif
+
 #if defined (HISTORY)
       if (remember_on_history && shell_input_line && shell_input_line[0])
 	{
