
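--- a/openssh-5.2p1/log.c.log-chroot
+++ b/openssh-5.2p1/log.c.log-chroot
@@ -45,6 +45,7 @@
 #include <syslog.h>
 #include <unistd.h>
 #include <errno.h>
+#include <fcntl.h>
 #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
 # include <vis.h>
 #endif
@@ -56,6 +57,7 @@ static LogLevel log_level = SYSLOG_LEVEL
 static int log_on_stderr = 1;
 static int log_facility = LOG_AUTH;
 static char *argv0;
+int log_fd_keep = 0;
 
 extern char *__progname;
 
@@ -310,6 +312,8 @@ log_init(char *av0, LogLevel level, Sysl
 		exit(1);
 	}
 
+	if (log_fd_keep != 0)
+		return;
 	/*
 	 * If an external library (eg libwrap) attempts to use syslog
 	 * immediately after reexec, syslog may be pointing to the wrong
@@ -392,10 +396,33 @@ do_log(LogLevel level, const char *fmt,
 		syslog_r(pri, &sdata, "%.500s", fmtbuf);
 		closelog_r(&sdata);
 #else
+	    if (!log_fd_keep) {
 		openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
+	    }
 		syslog(pri, "%.500s", fmtbuf);
+	    if (!log_fd_keep) {
 		closelog();
+	    }
 #endif
 	}
 	errno = saved_errno;
 }
+
+void
+open_log(void)
+{
+	int temp1, temp2;
+
+	temp1 = open("/dev/null", O_RDONLY);
+	openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
+	temp2 = open("/dev/null", O_RDONLY);
+	if (temp1 + 2 ==  temp2)
+		log_fd_keep = temp1 + 1;
+	else 
+		log_fd_keep = -1;
+
+	if (temp1 != -1)
+		close(temp1);
+	if (temp2 != -1)
+		close(temp2);
+}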
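Review bot: open_log() stores -1 in log_fd_keep when it cannot identify the syslog descriptor, but the new tests in log_init (`if (log_fd_keep != 0)`) and do_log (`if (!log_fd_keep)`) treat -1 exactly like a pinned descriptor, so a failed detection still skips the openlog()/closelog() pair. Testing `if (log_fd_keep > 0)` in log_init and `if (log_fd_keep <= 0)` in do_log would let a failed detection fall back to the previous per-message behaviour. The descriptor number itself is only inferred from the two open("/dev/null") calls around openlog(), which assumes the library took exactly the descriptor in between. A comment on open_log() stating that assumption and the three states of log_fd_keep (0 unset, -1 not found, positive for the descriptor) is worth adding, because session.c later uses the value to exempt a descriptor from being closed.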
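--- a/openssh-5.2p1/log.h.log-chroot
+++ b/openssh-5.2p1/log.h.log-chroot
@@ -46,6 +46,9 @@ typedef enum {
 	SYSLOG_LEVEL_NOT_SET = -1
 }       LogLevel;
 
+
+extern int log_fd_keep;
+
 void     log_init(char *, LogLevel, SyslogFacility, int);
 
 SyslogFacility	log_facility_number(char *);
@@ -66,4 +69,6 @@ void debug3(const char *, ...) __att
 
 void	 do_log(LogLevel, const char *, va_list);
 void	 cleanup_exit(int) __attribute__((noreturn));
+
+void     open_log(void);
 #endif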
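--- a/openssh-5.2p1/session.c.log-chroot
+++ b/openssh-5.2p1/session.c.log-chroot
@@ -1445,6 +1445,7 @@ safely_chroot(const char *path, uid_t ui
 	if (chdir(path) == -1)
 		fatal("Unable to chdir to chroot path \"%s\": "
 		    "%s", path, strerror(errno));
+	open_log ();
 	if (chroot(path) == -1)
 		fatal("chroot(\"%s\"): %s", path, strerror(errno));
 	if (chdir("/") == -1)
@@ -1636,7 +1637,8 @@ child_close_fds(void)
 	 * descriptors open.
 	 */
 	for (i = 3; i < 64; i++)
-		close(i);
+		if (i != log_fd_keep)
+			close(i);
 }
 
 /*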
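Review bot: The `if (i != log_fd_keep)` exemption in child_close_fds leaves a descriptor open into the user's session on the strength of a number that open_log() only inferred, so if that guess is wrong an unrelated descriptor of the daemon would survive the close loop. It would be safer to confirm the descriptor before exempting it, for example with fstat() and `S_ISSOCK` in open_log(), and to add a comment here saying why one descriptor is deliberately kept. Whether the syslog socket is close-on-exec depends on the C library, so the intended lifetime of the descriptor should be stated rather than assumed. The new call in safely_chroot is written `open_log ();`, which differs from the `open_log();` spelling used in sshd.c. Both function bodies start outside the hunks shown.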
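--- a/openssh-5.2p1/sshd.c.log-chroot
+++ b/openssh-5.2p1/sshd.c.log-chroot
@@ -590,6 +590,10 @@ privsep_preauth_child(void)
 	/* Demote the private keys to public keys. */
 	demote_sensitive_data();
 
+	/* Open the syslog permanently so the chrooted process still
+	   can write to syslog. */
+	open_log();
+	
 	/* Change our root directory */
 	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 		fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,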
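Review bot: The outcome of open_log() is not checked before chroot() in privsep_preauth_child, so if the syslog descriptor could not be pinned, the pre-authentication child would presumably lose its log messages after the chroot without leaving any trace. Since open_log() returns void and reports through log_fd_keep, a check such as `if (log_fd_keep == -1) logit("syslog descriptor not pinned before chroot");` placed before the chroot() call would leave one record while logging still works. The added comment also departs from the block-comment layout of the surrounding lines and is followed by a line holding only a tab. The function continues outside the hunk.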
