Re: syslog from chrooted environment

On Mon, 24 Jul 2017, Peter Stuge wrote:

> Mike Tancsa wrote:
> > Are there any alternatives to this method ?  Are there any patches
> > thoughts for supplementary logging of some sort of sshd that can work
> > around these logging constraints ?
> 
> openlog() doesn't return an fd, but keeps the syslog connection internal.
> 
> You could rewrite do_log() to not use openlog() but access /dev/syslog
> directly, then sshd could pass the fd to child processes. It wouldn't
> scale beyond OpenSSH though - i.e. only for sftp, not for external
> subsystems.

There's a patch on bugzilla to make the post-auth sshd monitor handle
logging as it does during the pre-auth phase. I'm undecided about it
so far.

I wish other operating systems would copy OpenBSD's sendsyslog() -
it makes life considerably simpler for privilege-separated and
sandboxed applications.

On Linux you could probably do it with a well-known Unix domain
syslog listener in the abstract socket namespace, e.g. "@syslog".

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
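
The abstract-namespace listener suggested at the end of the message, sketched as an added example (not code from the e-mail, the bugzilla patch or OpenSSH): a datagram collector binds an abstract name and a sender reaches it without any filesystem path, which is why it still works after chroot(). The function names and the `<pri>tag: msg` framing are assumptions made for illustration; Linux only.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <syslog.h>
#include <unistd.h>

/* Abstract name: sun_path[0] is NUL, no terminator, so the length is exact. */
static socklen_t abstract_addr(struct sockaddr_un *sa, const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > sizeof(sa->sun_path) - 1) return 0;
    *sa = (struct sockaddr_un){ .sun_family = AF_UNIX };  /* rest zeroed */
    memcpy(sa->sun_path + 1, name, n);
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
}

/* Collector side, started outside the chroot. Returns a bound fd or -1. */
int abstract_listen(const char *name)
{
    struct sockaddr_un sa;
    socklen_t len = abstract_addr(&sa, name);
    int fd = len ? socket(AF_UNIX, SOCK_DGRAM, 0) : -1;
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, len) == 0) return fd;
    close(fd);                /* e.g. EADDRINUSE: the name is already owned */
    return -1;
}

/* Sender side: no path lookup, so it works after chroot(). Bytes sent or -1. */
ssize_t abstract_log(const char *name, int pri, const char *tag, const char *msg)
{
    struct sockaddr_un sa;
    char buf[1024];
    socklen_t len = abstract_addr(&sa, name);
    int n = snprintf(buf, sizeof(buf), "<%d>%s: %s", pri, tag, msg);
    if (len == 0 || n <= 0 || (size_t)n >= sizeof(buf)) return -1;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    ssize_t r = sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&sa, len);
    close(fd);
    return r;
}

int main(void)
{
    int fd = abstract_listen("syslog");       /* the e-mail's "@syslog" */
    if (fd < 0) return 1;
    return abstract_log("syslog", LOG_AUTH | LOG_INFO, "sftp-server", "hello") > 0 ? 0 : 1;
}
```

Abstract names carry no file permissions and are scoped to the network namespace, so any local process in that namespace can bind the name first or write to it. A collector built this way should bind early and identify senders with SO_PASSCRED / SCM_CREDENTIALS before trusting a record.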


