syslog from chrooted environment
Damien Miller
djm at mindrot.org
Tue Jul 25 10:23:55 AEST 2017
On Mon, 24 Jul 2017, Peter Stuge wrote:
> Mike Tancsa wrote:
> > Are there any alternatives to this method ? Are there any patches
> > thoughts for supplementary logging of some sort of sshd that can work
> > around these logging constraints ?
>
> openlog() doesn't return an fd, but keeps the syslog connection internal.
>
> You could rewrite do_log() to not use openlog() but access /dev/syslog
> directly, then sshd could pass the fd to child processes. It wouldn't
> scale beyond OpenSSH though - i.e. only for sftp, not for external
> subsystems.
There's a patch on bugzilla to make the post-auth sshd monitor handle
logging as it does during the pre-auth phase. I'm undecided about it
so far.
I wish other operating systems would copy OpenBSD's sendsyslog() -
it makes life considerably simpler for privilege-separated and
sandboxed applications.
On Linux you could probably do it with a well-known Unix domain
syslog listener in the abstract socket namespace, e.g. "@syslog".
-d
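The two approaches sketched in the thread (hold a log socket that was opened before the chroot, or reach a Linux abstract-namespace listener that has no filesystem path) as an added C example; this is not code from the mailing list, from OpenSSH, or from any patch on bugzilla. The listener name `syslog-example`, the `sftp-example` ident and the jail directory are constructed for the example, and the in-process datagram listener stands in for syslogd, which does not listen in the abstract namespace by default. When run as root the demo really calls chroot(); otherwise that step is skipped, since chroot() needs privilege.

```c
/* Added example (not from the thread or OpenSSH): keep syslog reachable from
 * inside a chroot by opening the log socket before chroot(), or by using a
 * Linux abstract-namespace listener, which has no filesystem path at all.
 * The listener here stands in for syslogd; its name is constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Build a sockaddr_un. Abstract names get a leading NUL and exist only in the
 * kernel, so a chrooted process can still reach them. Returns address length. */
static socklen_t make_unix_addr(struct sockaddr_un *sa, const char *name, int abstract)
{
    size_t n = strlen(name);
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    if (n > sizeof(sa->sun_path) - 2)
        n = sizeof(sa->sun_path) - 2;                   /* room for NUL or prefix */
    memcpy(sa->sun_path + (abstract ? 1 : 0), name, n); /* sun_path[0] stays '\0' if abstract */
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n + 1);
}

/* Unix datagram socket either bound as the log sink (listener, standing in for
 * syslogd) or connected to it as a client. Open the client BEFORE chroot():
 * the fd survives the chroot even though /dev/log is no longer visible. */
int open_log_socket(const char *name, int abstract, int listener)
{
    struct sockaddr_un sa;
    socklen_t len = make_unix_addr(&sa, name, abstract);
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int rc = listener ? bind(fd, (struct sockaddr *)&sa, len)
                      : connect(fd, (struct sockaddr *)&sa, len);
    if (rc < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Classic "<PRI>ident[pid]: msg" line; PRI is facility|severity from <syslog.h>.
 * Returns bytes written (without NUL) or -1 if the line would not fit. */
int format_syslog_line(char *buf, size_t buflen, int facility, int severity,
                       const char *ident, pid_t pid, const char *msg)
{
    int n = snprintf(buf, buflen, "<%d>%s[%d]: %s", facility | severity, ident, (int)pid, msg);
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

/* Send one message on an already-connected log socket. 0 on success. */
int log_via_fd(int fd, int facility, int severity, const char *ident, const char *msg)
{
    char line[1024];
    int n = format_syslog_line(line, sizeof line, facility, severity, ident, getpid(), msg);
    if (n < 0)
        return -1;
    return send(fd, line, (size_t)n, 0) == (ssize_t)n ? 0 : -1;
}

/* Read one datagram from the listener into buf, NUL-terminated. */
int recv_log_line(int listen_fd, char *buf, size_t buflen)
{
    ssize_t r = recv(listen_fd, buf, buflen - 1, 0);
    if (r < 0)
        return -1;
    buf[r] = '\0';
    return (int)r;
}

/* Open the log socket, enter the jail (only when root, since chroot() needs
 * privilege), log from inside, and confirm the line arrived. 0 on success. */
int demo_chroot_logging(const char *sock_name, const char *jail_dir)
{
    char buf[1024];
    int rc = -1;
    int lfd = open_log_socket(sock_name, 1, 1);
    int cfd = lfd < 0 ? -1 : open_log_socket(sock_name, 1, 0);
    if (cfd < 0) goto out;
    if (geteuid() == 0 && (chroot(jail_dir) < 0 || chdir("/") < 0)) goto out;
    /* Inside the jail /dev/log is gone; the pre-opened fd still delivers. */
    if (log_via_fd(cfd, LOG_AUTH, LOG_INFO, "sftp-example", "hello from the jail") < 0) goto out;
    rc = recv_log_line(lfd, buf, sizeof buf) > 0 ? 0 : -1;
    if (rc == 0) printf("received: %s\n", buf);
out:
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return rc;
}

int main(void)
{
    return demo_chroot_logging("syslog-example", "/var/empty") == 0 ? 0 : 1;
}
```

The point for a defender is that the fd, not the path, is what the chrooted child needs: a socket connected before the chroot keeps delivering audit lines after /dev/log has disappeared from the child's view, and an abstract-namespace name is reachable from any chroot because it is never looked up on the filesystem. Abstract names are Linux-only, which is why they do not help on other platforms.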
More information about the openssh-unix-dev mailing list