syslog from chrooted environment

Damien Miller djm at mindrot.org
Tue Jul 25 10:23:55 AEST 2017


On Mon, 24 Jul 2017, Peter Stuge wrote:

> Mike Tancsa wrote:
> > Are there any alternatives to this method ?  Are there any patches
> > thoughts for supplementary logging of some sort of sshd that can work
> > around these logging constraints ?
> 
> openlog() doesn't return an fd, but keeps the syslog connection internal.
> 
> You could rewrite do_log() to not use openlog() but access /dev/syslog
> directly, then sshd could pass the fd to child processes. It wouldn't
> scale beyond OpenSSH though - i.e. only for sftp, not for external
> subsystems.

There's a patch on bugzilla to make the post-auth sshd monitor handle
logging as it does during the pre-auth phase. I'm undecided about it
so far.

I wish other operating systems would copy OpenBSD's sendsyslog() -
it makes life considerably simpler for privilege-separated and
sandboxed applications.

On Linux you could probably do it with a well-known Unix domain
syslog listener in the abstract socket namespace, e.g. "@syslog"

-d
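An added example, not OpenSSH code and not part of this thread, showing the fd-passing idea from the replies above: the syslog datagram socket is connected while the path is still visible, the connected fd is retained across the point where a daemon would chroot() and drop privileges, and pre-formatted "<PRI>ident[pid]: msg" lines are written to it directly instead of through openlog()/syslog(). The listener path, ident, pid and message text are constructed for the demo; the '@' prefix selects the Linux abstract socket namespace (as in the "@syslog" suggestion) and is compiled only on Linux. OpenBSD's sendsyslog() is not shown because the other systems discussed lack it.

```c
/* Added example (not OpenSSH code): open the syslog socket before chroot,
 * keep the fd, and write pre-formatted lines to it from the sandboxed side.
 * Listener path, ident, pid and message text are constructed for the demo. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Fill a sockaddr_un. A leading '@' means the Linux abstract namespace:
 * no filesystem entry, so the name stays reachable after chroot(). */
static int fill_sockaddr(const char *path, struct sockaddr_un *sa, socklen_t *salen)
{
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof(sa->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
#ifdef __linux__
    if (path[0] == '@') {
        /* sun_path[0] stays '\0'; the name follows; length excludes any NUL */
        memcpy(sa->sun_path + 1, path + 1, len - 1);
        *salen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len);
        return 0;
    }
#endif
    memcpy(sa->sun_path, path, len + 1);
    *salen = sizeof(*sa);
    return 0;
}

/* Datagram socket connected to a syslog listener. Returns -1 with errno on
 * failure, e.g. ENOENT once /dev/log is no longer visible inside a chroot. */
int open_log_socket(const char *path)
{
    struct sockaddr_un sa;
    socklen_t salen;
    int fd;
    if (fill_sockaddr(path, &sa, &salen) < 0)
        return -1;
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&sa, salen) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Stand-in for the syslogd side: a bound datagram socket at `path`. */
int open_log_listener(const char *path)
{
    struct sockaddr_un sa;
    socklen_t salen;
    int fd;
    if (fill_sockaddr(path, &sa, &salen) < 0)
        return -1;
    if (path[0] != '@')
        unlink(path); /* remove a stale socket file; ENOENT is fine */
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, salen) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Build "<PRI>ident[pid]: msg". The facility macros in <syslog.h> are
 * already shifted left by 3, so PRI = facility | severity
 * (LOG_AUTH | LOG_INFO = 32 + 6 = 38). Returns the length or -1. */
int syslog_format(char *buf, size_t len, int facility, int severity,
                  const char *ident, long pid, const char *msg)
{
    int n = snprintf(buf, len, "<%d>%s[%ld]: %s", facility | severity, ident, pid, msg);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Emit one line over an already-connected fd, as a chrooted child could. */
int log_via_fd(int fd, int facility, int severity, const char *ident, long pid, const char *msg)
{
    char line[1024];
    int n = syslog_format(line, sizeof line, facility, severity, ident, pid, msg);
    if (n < 0)
        return -1;
    return send(fd, line, (size_t)n, 0) == n ? 0 : -1;
}

/* Round trip: bind a listener, connect the client while the path is still
 * visible, then log through the retained fd. Returns 1 if the listener
 * received exactly `expected`, 0 on mismatch, -1 on error. */
int demo_roundtrip(const char *path, const char *expected)
{
    char got[1024];
    int srv = open_log_listener(path);
    if (srv < 0)
        return -1;
    int cli = open_log_socket(path);
    if (cli < 0) {
        close(srv);
        return -1;
    }
    /* A real daemon would chroot("/var/empty") and drop privileges here;
     * cli stays usable because it is a connected fd, not a path lookup. */
    int rc = log_via_fd(cli, LOG_AUTH, LOG_INFO, "sshd", 1234L, "session opened (constructed)");
    ssize_t r = rc == 0 ? recv(srv, got, sizeof got - 1, 0) : -1;
    close(cli);
    close(srv);
    if (path[0] != '@')
        unlink(path);
    if (r < 0)
        return -1;
    got[r] = '\0';
    return strcmp(got, expected) == 0;
}

int main(void)
{
    const char *want = "<38>sshd[1234]: session opened (constructed)";
    printf("roundtrip via filesystem socket: %d\n",
           demo_roundtrip("/tmp/syslog-demo.sock", want));
    printf("connect to missing path: %d (errno %d)\n",
           open_log_socket("/tmp/no-such-syslog.sock"), errno);
    return 0;
}
```

The second call in main mirrors what openlog() hides: once the path is gone (as /dev/log is from inside a chroot) a fresh connection simply fails, which is why the fd has to be opened, or passed from the monitor, before the sandbox is entered.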