[patch] postauth processes to log via monitor
Petr Lautrbach
plautrba at redhat.com
Tue Dec 2 02:40:03 EST 2014
On 10/01/2014 03:33 PM, Petr Lautrbach wrote:
> Hi,
>
> there is a long standing problem with logging in chroots. Especially,
> when you use %u in ChrootDirectory, it is nearly impossible to have
> /dev/log in every possible chroot for all users.
>
> It seems to be important mainly for sftp-internal session which are
> simply configurable to be chrooted and where admins would like to log
> sftp session commands.
>
> I have put together a patch which introduces a new configuration option
> LogViaMonitor. When this option is 'yes', then postauth unprivileged
> processes log via their monitor process instead of via standard channels
> (syslog, stderr).
>
> I've removed closefrom() from close_child_fds() in order not to close
> m_log_send_fd socket before sftp_server_main() is called. And I've put
> it to a part of code where it's clear that there will be exec().
>
> I'd appreciate any comment or suggestion.
>
Ping?
Do you have any comments, objections or hints?
Thanks,
Petr
--
Petr Lautrbach
More information about the openssh-unix-dev
mailing list