Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS
Hildegard Meier
daku8938 at gmx.de
Sat Sep 25 01:42:08 AEST 2021
Thanks, this sounds like the solution could be in this direction.
I think, the sftpd process should just not write to the /dev/log unix socket (because this leads to the problem here), but to the local kernel directly, something like what you describe here.
But how could I do this concrete with Ubuntu Linux? What you write is rather abstract and I am not so expert that I understand what you mean with LD_PRELOAD wrapper.
Unfortunately, I could not change our sftp server to OpenBSD operating system since we would not have the capacity to maintain this one special operating system. We maintain our 350 Ubuntu Linux servers with already established processes.
> This is amongst the reasons why OpenBSD has the sendsyslog(2) syscall,
> https://man.openbsd.org/sendsyslog.2 - the syslog daemon opens a
> kernel socket to receive those messages, and processes which want to
> write a log entry just call the standard syslog functions which use
> sendsyslog(2) rather than /dev/log, so it works even through FD
> exhaustion, in chroot, and with syscall filters that prohibit
> filesystem access.
>
> Not entirely pleasant but I suppose it could alternatively be done by
> using a LD_PRELOAD wrapper to override syslog functions (I think just
> syslog_r is probably enough for openssh) and have them send over a
> network socket instead.
More information about the openssh-unix-dev
mailing list