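diff -up openssh-5.1p1/sshd.c.log-chroot openssh-5.1p1/sshd.c
--- openssh-5.1p1/sshd.c.log-chroot 2008-07-23 15:18:52.000000000 +0200
+++ openssh-5.1p1/sshd.c 2008-07-23 15:18:52.000000000 +0200
@@ -591,6 +591,10 @@ privsep_preauth_child(void)
 /* Demote the private keys to public keys. */
 demote_sensitive_data();
 
+ /* Open the syslog permanently so the chrooted process still
+ can write to syslog. */
+ open_log();
+
 /* Change our root directory */
 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,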
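Review bot: `open_log()` is called here with no way to tell whether it worked: it returns void and, per the log.c part of this patch, can leave `log_fd_keep` at -1, so a pre-auth child that cannot log after `chroot()` gives no indication of why. The call also means the unprivileged, network-facing child holds a syslog connection for the rest of its lifetime, so whatever that process writes reaches the system log directly. That trade-off deserves a comment next to the call, e.g. `/* The privsep child keeps a direct syslog connection; its log lines are not mediated by the monitor. */`. privsep_preauth_child() starts and ends outside this hunk.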
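diff -up openssh-5.1p1/log.c.log-chroot openssh-5.1p1/log.c
--- openssh-5.1p1/log.c.log-chroot 2008-06-10 15:01:51.000000000 +0200
+++ openssh-5.1p1/log.c 2008-07-23 15:18:52.000000000 +0200
@@ -45,6 +45,7 @@
 #include <syslog.h>
 #include <unistd.h>
 #include <errno.h>
+#include <fcntl.h>
 #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
 # include <vis.h>
 #endif
@@ -56,6 +57,7 @@
 static int log_on_stderr = 1;
 static int log_facility = LOG_AUTH;
 static char *argv0;
+int log_fd_keep = 0;
 
 extern char *__progname;
 
@@ -310,6 +312,8 @@
 exit(1);
 }
 
+ if (log_fd_keep != 0)
+ return;
 /*
 * If an external library (eg libwrap) attempts to use syslog
 * immediately after reexec, syslog may be pointing to the wrong
@@ -392,10 +396,33 @@
 syslog_r(pri, &sdata, "%.500s", fmtbuf);
 closelog_r(&sdata);
 #else
+ if (!log_fd_keep) {
 openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
+ }
 syslog(pri, "%.500s", fmtbuf);
+ if (!log_fd_keep) {
 closelog();
+ }
 #endif
 }
 errno = saved_errno;
 }
+
+void
+open_log(void)
+{
+ int temp1, temp2;
+
+ temp1 = open("/dev/null", O_RDONLY);
+ openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
+ temp2 = open("/dev/null", O_RDONLY);
+ if (temp1 + 2 == temp2)
+ log_fd_keep = temp1 + 1;
+ else
+ log_fd_keep = -1;
+
+ if (temp1 != -1)
+ close(temp1);
+ if (temp2 != -1)
+ close(temp2);
+}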
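Review bot: In `open_log()` the test `temp1 + 2 == temp2` is evaluated even when the first `open()` failed, so `temp1 == -1` with `temp2 == 1` would set `log_fd_keep` to 0, the value the rest of the patch reads as "not kept"; guard it as `if (temp1 != -1 && temp1 + 2 == temp2)`. The probe only infers the syslog descriptor from allocation order, which holds only if openlog() takes exactly one descriptor and it is the lowest free one. When the probe fails, `log_fd_keep` becomes -1, so the `if (log_fd_keep != 0) return;` and `if (!log_fd_keep)` guards still skip openlog()/closelog(). The `i != log_fd_keep` loop in session.c then closes every descriptor from 3 to 63, presumably including the live syslog one, and what syslog() does with the stale descriptor afterwards is libc-dependent. A comment above `int log_fd_keep` stating the three states (0 not kept, -1 kept but number unknown, >0 the descriptor number) would make this visible to callers.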
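diff -up openssh-5.1p1/log.h.log-chroot openssh-5.1p1/log.h
--- openssh-5.1p1/log.h.log-chroot 2008-06-13 02:22:54.000000000 +0200
+++ openssh-5.1p1/log.h 2008-07-23 15:20:11.000000000 +0200
@@ -46,6 +46,9 @@
 SYSLOG_LEVEL_NOT_SET = -1
 } LogLevel;
 
+
+extern int log_fd_keep;
+
 void log_init(char *, LogLevel, SyslogFacility, int);
 
 SyslogFacility log_facility_number(char *);
@@ -66,4 +69,6 @@
 
 void do_log(LogLevel, const char *, va_list);
 void cleanup_exit(int) __attribute__((noreturn));
+
+void open_log(void);
 #endif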
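--- openssh-5.2p1/session.c. 2009-03-20 18:32:01.004151364 +0100
+++ openssh-5.2p1/session.c 2009-03-20 19:00:28.328742384 +0100
@@ -1445,6 +1456,7 @@
 if (chdir(path) == -1)
 fatal("Unable to chdir to chroot path \"%s\": "
 "%s", path, strerror(errno));
+ open_log ();
 if (chroot(path) == -1)
 fatal("chroot(\"%s\"): %s", path, strerror(errno));
 if (chdir("/") == -1)
@@ -1632,7 +1644,8 @@
 * descriptors open.
 */
 for (i = 3; i < 64; i++)
- close(i);
+ if (i != log_fd_keep)
+ close(i);
 }
 
 /*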
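Review bot: The second hunk exempts `log_fd_keep` from the close loop, but the patch never marks that descriptor close-on-exec itself, so whether it survives into a program started after this loop depends on how the libc's openlog() created it. Since the loop exists to avoid leaking descriptors, set the flag explicitly where the number is recorded in open_log(), e.g. `if (log_fd_keep > 0) fcntl(log_fd_keep, F_SETFD, FD_CLOEXEC);` (log.c already gains `<fcntl.h>` in this patch). In the first hunk, `open_log ();` has a stray space before the parenthesis, unlike the calls around it. Both enclosing functions start outside the hunks shown.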