Thanks, this sounds like the solution could be in this direction. I think, the sftpd process should just not write to the /dev/log unix socket (because this leads to the problem here), but to the local kernel directly, something like what you describe here. But how could I do this concrete with Ubuntu Linux? What you write is rather abstract and I am not so expert that I understand what you mean with LD_PRELOAD wrapper. Unfortunately, I could not change our sftp server to OpenBSD operating system since we would not have the capacity to maintain this one special operating system. We maintain our 350 Ubuntu Linux servers with already established processes. > This is amongst the reasons why OpenBSD has the sendsyslog(2) syscall, > https://man.openbsd.org/sendsyslog.2 - the syslog daemon opens a > kernel socket to receive those messages, and processes which want to > write a log entry just call the standard syslog functions which use > sendsyslog(2) rather than /dev/log, so it works even through FD > exhaustion, in chroot, and with syscall filters that prohibit > filesystem access. > > Not entirely pleasant but I suppose it could alternatively be done by > using a LD_PRELOAD wrapper to override syslog functions (I think just > syslog_r is probably enough for openssh) and have them send over a > network socket instead. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev