Syslog via UDP for chrooted environments

Darren Tucker dtucker at zip.com.au
Sat May 19 14:20:32 EST 2012


On Fri, May 18, 2012 at 05:24:23PM -0700, Matt Warner wrote:
> From things I've read in the distant past, I have the impression that
> the OpenSSH project tries to keep new features to a minimum, and there
> are good security reasons to do this. That said, one feature that I
> feel would be a good addition to OpenSSH is the ability to send logs
> via UDP directly to a syslog server. It seems to me that the benefits
> of this approach include:
> 
>   1. No need to set up /dev/log in every chroot. This is a huge plus
> for anyone dealing with a large number of chrooted users or in
> environments where the underlying filesystem has the "nodevices" flag
> set (I have both).

One of the downsides of using UDP is that it's less trustworthy than
the local socket since it's easier to spoof.

Anyway, you could link in an alternative implementation of the syslog
functions at build time that do anything you want; you wouldn't need
to change the code.  Just implement openlog, syslog and closelog (or
the _r equivalents, if that's what your platform has) then ./configure
--with-libs=-lyoursyslog.

An alternative might be to use the existing code for sending log
messages to the monitor (which is not chrooted).  Much of the code
already exists (it was added in 5.9):

 - djm at cvs.openbsd.org 2011/06/17 21:44:31
   [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
   make the pre-auth privsep slave log via a socketpair shared with the
   monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@


-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
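A drop-in syslog(3) replacement of the kind Darren describes above, added here as an illustration that is not part of the original thread or of OpenSSH: it defines openlog, syslog and closelog, frames each message per RFC 3164 and ships it over UDP. The collector address, the library name libudpsyslog and the udpsyslog_format helper are assumptions made for this example.

```c
/* Drop-in replacement for libc openlog/syslog/closelog that forwards each
 * message to a collector over UDP in RFC 3164 framing "<PRI>TAG[pid]: MSG".
 * Build it into libudpsyslog.a and pass --with-libs=-ludpsyslog to ./configure. */
#undef _FORTIFY_SOURCE   /* glibc's fortified inline syslog() wrapper would clash */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>
#define UDPSYSLOG_HOST "192.0.2.10"  /* constructed example collector, RFC 5737 range */
#define UDPSYSLOG_PORT 514
static int  log_fd = -1, log_facility = LOG_USER;
static char log_ident[64] = "syslog";

/* Build one datagram into out[] and return its length; kept apart from the
 * socket code so framing and PRI arithmetic can be checked without a network. */
int udpsyslog_format(char *out, size_t outsz, int pri, int facility,
                     const char *ident, pid_t pid, const char *msg)
{
    if ((pri & LOG_FACMASK) == 0)       /* caller passed only a severity */
        pri |= facility;
    int n = snprintf(out, outsz, "<%d>%s[%d]: %s", pri, ident, (int)pid, msg);
    if (n < 0) return 0;
    return n >= (int)outsz ? (int)outsz - 1 : n;   /* snprintf truncated */
}

void openlog(const char *ident, int option, int facility)
{
    (void)option;                       /* LOG_PID behaviour is always on here */
    if (ident) snprintf(log_ident, sizeof log_ident, "%s", ident);
    if (facility) log_facility = facility;
    if (log_fd == -1) log_fd = socket(AF_INET, SOCK_DGRAM, 0);
}

void syslog(int pri, const char *fmt, ...)
{
    char msg[1024], dgram[1200];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    if (log_fd == -1) openlog(NULL, 0, 0);
    int len = udpsyslog_format(dgram, sizeof dgram, pri, log_facility, log_ident, getpid(), msg);
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(UDPSYSLOG_PORT) };
    inet_pton(AF_INET, UDPSYSLOG_HOST, &dst.sin_addr);
    sendto(log_fd, dgram, (size_t)len, 0, (struct sockaddr *)&dst, sizeof dst);
}
void closelog(void) { if (log_fd != -1) { close(log_fd); log_fd = -1; } }
```

Since the datagrams carry no authentication, the collector should accept them only from the expected source addresses, which is the spoofing caveat raised earlier in this reply.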
