syslog-ng1
Paul Schenkeveld
freebsd at psconsult.nl
Mon Oct 24 15:51:34 UTC 2011
Hello,
Recently sysutils/syslog-ng (version 1) moved to sysutils/syslog-ng1
and version 3 became the standard. The Makefile for syslog-ng1 says:
    DEPRECATED= Suggested by syslog-ng upline, no longer supported
    FORBIDDEN= Vulnerable since 2008-11-18, http://portaudit.freebsd.org/75f2382e-b586-11dd-95f9-00e0815b8da8.html
and portaudit.freebsd.org says:
    I have not had the time to analyze all of syslog-ng code. But by
    reading the code section near the chroot call and looking at strace
    results I believe that syslog-ng does not chdir to the chroot jail's
    location before chrooting into it.
    This opens up ways to work around the chroot jail.
However, if I look at the code (main.c function main() near line 514):
    if (chroot_dir) {
        if (chdir(chroot_dir) < 0) {
            werror("Error chdiring, exiting.\n");
            return 3;
        }
        if (chroot(".") < 0) {
            werror("Error chrooting, exiting.\n");
            return 3;
        }
    }
it looks like the chdir is already present (main.c dates back to Mar 14,
2006). This is the only occurrence of chroot() in the sources.
Am I missing something here?
My reason for bothering is that I use syslog-ng on many systems that have
no persistent storage to send logging to a central logserver over TCP.
Syslog-ng versions 2 and 3 pull in way too many ports to be useful in
embedded systems so I'd really like to see version 1 survive, unless
someone else has a suggestion for a replacement. BTW, the log servers
also run syslog-ng and our configuration uses too many features of
-ng to switch to another syslog replacement but we can consider using
version 2 or 3 there.
What does it take to keep version 1 maintained and in the ports tree?
Best regards,
Paul Schenkeveld
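
Added example, not part of the original post or of the syslog-ng sources: the chdir-then-chroot(".") order from the main.c excerpt, plus a post-check that fails closed when the working directory is not the new root, which is the condition the portaudit entry describes. The names enter_jail, cwd_is_root and jail_status are hypothetical.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() in <unistd.h> on glibc */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum jail_status { JAIL_OK = 0, JAIL_ERR_CHDIR = 1, JAIL_ERR_CHROOT = 2,
                   JAIL_ERR_CWD_OUTSIDE = 3 };

/* Returns 1 if "." and "/" are the same directory (same device and inode),
 * 0 if they differ, -1 if either stat() fails. */
int cwd_is_root(void)
{
    struct stat cwd, root;

    if (stat(".", &cwd) < 0 || stat("/", &root) < 0)
        return -1;
    return cwd.st_dev == root.st_dev && cwd.st_ino == root.st_ino;
}

/* Same order as the main.c excerpt: chdir() into the jail, then chroot(".").
 * The extra check refuses to continue if the cwd is not the new root. */
enum jail_status enter_jail(const char *dir)
{
    if (chdir(dir) < 0)
        return JAIL_ERR_CHDIR;
    if (chroot(".") < 0)         /* needs root (or equivalent) privilege */
        return JAIL_ERR_CHROOT;
    if (cwd_is_root() != 1)
        return JAIL_ERR_CWD_OUTSIDE;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    enum jail_status st;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <jail-dir>\n", argv[0]);
        return 64;
    }
    st = enter_jail(argv[1]);
    if (st != JAIL_OK) {
        fprintf(stderr, "enter_jail failed: status %d\n", st);
        return 3;
    }
    printf("chrooted; cwd is the new root\n");
    return 0;
}
```

cwd_is_root() can also be called on its own right after any existing chroot() call to confirm where the process ended up.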