[patch] postauth processes to log via monitor

Petr Lautrbach plautrba at redhat.com
Wed Oct 1 23:33:42 EST 2014


Hi,

There is a long-standing problem with logging in chroots. Especially,
when you use %u in ChrootDirectory, it is nearly impossible to have
/dev/log in every possible chroot for all users.

It seems to be important mainly for sftp-internal sessions, which are
simply configurable to be chrooted and where admins would like to log
sftp session commands.

I have put together a patch which introduces a new configuration option
LogViaMonitor. When this option is 'yes', then postauth unprivileged
processes log via their monitor process instead of via standard channels
(syslog, stderr).

I've removed closefrom() from close_child_fds() in order not to close
the m_log_send_fd socket before sftp_server_main() is called. And I've put
it in a part of the code where it's clear that there will be an exec().

I'd appreciate any comments or suggestions.


Petr
-- 
Petr Lautrbach


-------------- next part --------------
A non-text attachment was scrubbed...
Name: log-via-monitor.patch
Type: text/x-patch
Size: 10936 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141001/ab8af223/attachment-0001.bin>
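The mechanism the message describes, an unprivileged child handing its log records to the monitor over an inherited socket instead of opening /dev/log inside the chroot, as an added sketch that is not the code from the attached patch. The record framing, MAX_LOG_MSG and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_LOG_MSG 1024 /* assumed cap for this sketch */

/* Child side: one record is [u32 length][u32 level][text]. */
static int child_log(int fd, uint32_t level, const char *msg) {
    size_t n = strlen(msg);
    uint32_t hdr[2] = { n > MAX_LOG_MSG ? MAX_LOG_MSG : (uint32_t)n, level };
    if (write(fd, hdr, sizeof hdr) != (ssize_t)sizeof hdr) return -1;
    return write(fd, msg, hdr[0]) == (ssize_t)hdr[0] ? 0 : -1;
}

static int read_full(int fd, void *buf, size_t n) {
    for (size_t off = 0; off < n; ) {
        ssize_t r = read(fd, (char *)buf + off, n - off);
        if (r <= 0) return -1; /* EOF or error: child is gone */
        off += (size_t)r;
    }
    return 0;
}

/* Monitor side: the child is untrusted, so bound the length before reading.
 * Returns the log level, or -1 if the record is rejected. */
static int monitor_read_log(int fd, char *out, size_t outsz) {
    uint32_t hdr[2];
    if (read_full(fd, hdr, sizeof hdr) < 0) return -1;
    if (hdr[0] > MAX_LOG_MSG || hdr[0] >= outsz) return -1;
    if (read_full(fd, out, hdr[0]) < 0) return -1;
    out[hdr[0]] = '\0';
    return (int)hdr[1];
}

/* Fork a stand-in for the postauth child; return what the monitor received. */
int demo_log_via_monitor(const char *msg, char *out, size_t outsz) {
    int sp[2], rc;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) { /* child: a real server would chroot and drop privileges here */
        close(sp[0]);
        _exit(child_log(sp[1], 6, msg) == 0 ? 0 : 1); /* 6 = syslog LOG_INFO */
    }
    close(sp[1]); /* monitor keeps only its end, so it sees EOF if the child dies */
    rc = pid < 0 ? -1 : monitor_read_log(sp[0], out, outsz);
    close(sp[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return rc;
}
```

The child's end of the socket pair has to stay open for as long as the child logs, which is why the message moves closefrom() to a point where an exec() is certain.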
