Attachment #1680 for bug #1636

View | Details | Raw Unified | Return to bug 1636
Collapse All | Expand All

Lines 45-50 Link Here

(-)openssh-5.2p1/log.c.log-chroot (+27 lines)
45	#include <syslog.h>	45	#include <syslog.h>
46	#include <unistd.h>	46	#include <unistd.h>
47	#include <errno.h>	47	#include <errno.h>
		48	#include <fcntl.h>
48	#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)	49	#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
49	# include <vis.h>	50	# include <vis.h>
50	#endif	51	#endif
Lines 56-61 static LogLevel log_level = SYSLOG_LEVEL Link Here
56	static int log_on_stderr = 1;	57	static int log_on_stderr = 1;
57	static int log_facility = LOG_AUTH;	58	static int log_facility = LOG_AUTH;
58	static char *argv0;	59	static char *argv0;
		60	int log_fd_keep = 0;
59		61
60	extern char *__progname;	62	extern char *__progname;
61		63
Lines 310-315 log_init(char *av0, LogLevel level, Sysl Link Here
310	exit(1);	312	exit(1);
311	}	313	}
312		314
		315	if (log_fd_keep != 0)
		316	return;
313	/*	317	/*
314	* If an external library (eg libwrap) attempts to use syslog	318	* If an external library (eg libwrap) attempts to use syslog
315	* immediately after reexec, syslog may be pointing to the wrong	319	* immediately after reexec, syslog may be pointing to the wrong
Lines 392-401 do_log(LogLevel level, const char *fmt, Link Here
392	syslog_r(pri, &sdata, "%.500s", fmtbuf);	396	syslog_r(pri, &sdata, "%.500s", fmtbuf);
393	closelog_r(&sdata);	397	closelog_r(&sdata);
394	#else	398	#else
		399	if (!log_fd_keep) {
395	openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);	400	openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
		401	}
396	syslog(pri, "%.500s", fmtbuf);	402	syslog(pri, "%.500s", fmtbuf);
		403	if (!log_fd_keep) {
397	closelog();	404	closelog();
		405	}
398	#endif	406	#endif
399	}	407	}
400	errno = saved_errno;	408	errno = saved_errno;
401	}	409	}
		410
		411	void
		412	open_log(void)
		413	{
		414	int temp1, temp2;
		415
		416	temp1 = open("/dev/null", O_RDONLY);
		417	openlog(argv0 ? argv0 : __progname, LOG_PID\|LOG_NDELAY, log_facility);
		418	temp2 = open("/dev/null", O_RDONLY);
		419	if (temp1 + 2 == temp2)
		420	log_fd_keep = temp1 + 1;
		421	else
		422	log_fd_keep = -1;
		423
		424	if (temp1 != -1)
		425	close(temp1);
		426	if (temp2 != -1)
		427	close(temp2);
		428	}

Lines 46-51 typedef enum { Link Here

(-)openssh-5.2p1/log.h.log-chroot (+5 lines)
46	SYSLOG_LEVEL_NOT_SET = -1	46	SYSLOG_LEVEL_NOT_SET = -1
47	} LogLevel;	47	} LogLevel;
48		48
		49
		50	extern int log_fd_keep;
		51
49	void log_init(char *, LogLevel, SyslogFacility, int);	52	void log_init(char *, LogLevel, SyslogFacility, int);
50		53
51	SyslogFacility log_facility_number(char *);	54	SyslogFacility log_facility_number(char *);
Lines 66-69 void debug3(const char *, ...) __att Link Here
66		69
67	void do_log(LogLevel, const char *, va_list);	70	void do_log(LogLevel, const char *, va_list);
68	void cleanup_exit(int) __attribute__((noreturn));	71	void cleanup_exit(int) __attribute__((noreturn));
		72
		73	void open_log(void);
69	#endif	74	#endif

Lines 1445-1450 safely_chroot(const char *path, uid_t ui Link Here

(-)openssh-5.2p1/session.c.log-chroot (-1 / +3 lines)
1445	if (chdir(path) == -1)	1445	if (chdir(path) == -1)
1446	fatal("Unable to chdir to chroot path \"%s\": "	1446	fatal("Unable to chdir to chroot path \"%s\": "
1447	"%s", path, strerror(errno));	1447	"%s", path, strerror(errno));
		1448	open_log ();
1448	if (chroot(path) == -1)	1449	if (chroot(path) == -1)
1449	fatal("chroot(\"%s\"): %s", path, strerror(errno));	1450	fatal("chroot(\"%s\"): %s", path, strerror(errno));
1450	if (chdir("/") == -1)	1451	if (chdir("/") == -1)
Lines 1636-1642 child_close_fds(void) Link Here
1636	* descriptors open.	1637	* descriptors open.
1637	*/	1638	*/
1638	for (i = 3; i < 64; i++)	1639	for (i = 3; i < 64; i++)
1639	close(i);	1640	if (i != log_fd_keep)
		1641	close(i);
1640	}	1642	}
1641		1643
1642	/*	1644	/*

Lines 590-595 privsep_preauth_child(void) Link Here

(-)openssh-5.2p1/sshd.c.log-chroot (+4 lines)
590	/* Demote the private keys to public keys. */	590	/* Demote the private keys to public keys. */
591	demote_sensitive_data();	591	demote_sensitive_data();
592		592
		593	/* Open the syslog permanently so the chrooted process still
		594	can write to syslog. */
		595	open_log();
		596
593	/* Change our root directory */	597	/* Change our root directory */
594	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)	598	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
595	fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,	599	fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,

Return to bug 1636