Bugzilla – Attachment 1680 Details for
Bug 1636
Logging after chroot
[patch]
Patch solving the problem
log-chroot.patch (text/plain), 3.29 KB, created by
jchadima
on 2009-08-28 15:33:45 AEST
Description:
Patch solving the problem
Creator:
jchadima
Created:
2009-08-28 15:33:45 AEST
Size:
3.29 KB
>diff -up openssh-5.2p1/log.c.log-chroot openssh-5.2p1/log.c
>--- openssh-5.2p1/log.c.log-chroot 2008-06-10 15:01:51.000000000 +0200
>+++ openssh-5.2p1/log.c 2009-08-08 10:17:52.950444289 +0200
>@@ -45,6 +45,7 @@
> #include <syslog.h>
> #include <unistd.h>
> #include <errno.h>
>+#include <fcntl.h>
> #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
> # include <vis.h>
> #endif
>@@ -56,6 +57,7 @@ static LogLevel log_level = SYSLOG_LEVEL
> static int log_on_stderr = 1;
> static int log_facility = LOG_AUTH;
> static char *argv0;
>+int log_fd_keep = 0;
>
> extern char *__progname;
>
>@@ -310,6 +312,8 @@ log_init(char *av0, LogLevel level, Sysl
> exit(1);
> }
>
>+ if (log_fd_keep != 0)
>+ return;
> /*
> * If an external library (eg libwrap) attempts to use syslog
> * immediately after reexec, syslog may be pointing to the wrong
>@@ -392,10 +396,33 @@ do_log(LogLevel level, const char *fmt,
> syslog_r(pri, &sdata, "%.500s", fmtbuf);
> closelog_r(&sdata);
> #else
>+ if (!log_fd_keep) {
> openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
>+ }
> syslog(pri, "%.500s", fmtbuf);
>+ if (!log_fd_keep) {
> closelog();
>+ }
> #endif
> }
> errno = saved_errno;
> }
>+
>+void
>+open_log(void)
>+{
>+ int temp1, temp2;
>+
>+ temp1 = open("/dev/null", O_RDONLY);
>+ openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
>+ temp2 = open("/dev/null", O_RDONLY);
>+ if (temp1 + 2 == temp2)
>+ log_fd_keep = temp1 + 1;
>+ else
>+ log_fd_keep = -1;
>+
>+ if (temp1 != -1)
>+ close(temp1);
>+ if (temp2 != -1)
>+ close(temp2);
>+}
>diff -up openssh-5.2p1/log.h.log-chroot openssh-5.2p1/log.h
>--- openssh-5.2p1/log.h.log-chroot 2008-06-13 02:22:54.000000000 +0200
>+++ openssh-5.2p1/log.h 2009-08-08 10:17:52.950444289 +0200
>@@ -46,6 +46,9 @@ typedef enum {
> SYSLOG_LEVEL_NOT_SET = -1
> } LogLevel;
>
>+
>+extern int log_fd_keep;
>+
> void log_init(char *, LogLevel, SyslogFacility, int);
>
> SyslogFacility log_facility_number(char *);
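Review bot: In the log_init hunk (`@@ -310,6 +312,8 @@`), `if (log_fd_keep != 0) return;` also fires when open_log() has stored its failure value -1, so a failed descriptor lookup is handled exactly like a kept descriptor. The `if (!log_fd_keep)` guards added to do_log in the following hunk share this: with -1 they skip the per-message openlog()/closelog() too. If -1 is meant as "could not identify the descriptor", testing `log_fd_keep > 0` in all three places would leave the original open/close path in force. The declaration would also benefit from a comment such as `/* 0: not set up, -1: lookup failed, >0: syslog descriptor to keep open */`. log_init's body starts and ends outside the hunk.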
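Review bot: open_log() in the `@@ -392,10 +396,33 @@` hunk infers the syslog descriptor from a gap between two /dev/null opens, but `temp1 + 2 == temp2` also holds when descriptor temp1 + 1 was already in use before openlog() ran and openlog() opened nothing. In that case log_fd_keep names an unrelated descriptor, which the child_close_fds() change in session.c then leaves open for the session. The first open() result is also used in arithmetic before it is checked for -1. Recording whether temp1 + 1 is unused before calling openlog() covers both cases; the guess still assumes openlog() opens exactly one descriptor.

```c
void
open_log(void)
{
	int temp1, temp2, slot_free;

	temp1 = open("/dev/null", O_RDONLY);
	/* temp1 + 1 must be unused now, or the gap seen below proves nothing. */
	slot_free = temp1 != -1 && fcntl(temp1 + 1, F_GETFD) == -1;
	openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
	temp2 = open("/dev/null", O_RDONLY);
	if (slot_free && temp2 == temp1 + 2)
		log_fd_keep = temp1 + 1;
	else
		log_fd_keep = -1;
	/* … unchanged: close(temp1) and close(temp2) when not -1 … */
```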
>@@ -66,4 +69,6 @@ void debug3(const char *, ...) __att
>
> void do_log(LogLevel, const char *, va_list);
> void cleanup_exit(int) __attribute__((noreturn));
>+
>+void open_log(void);
> #endif
>diff -up openssh-5.2p1/session.c.log-chroot openssh-5.2p1/session.c
>--- openssh-5.2p1/session.c.log-chroot 2009-01-28 06:29:49.000000000 +0100
>+++ openssh-5.2p1/session.c 2009-08-08 10:17:52.955407792 +0200
>@@ -1445,6 +1445,7 @@ safely_chroot(const char *path, uid_t ui
> if (chdir(path) == -1)
> fatal("Unable to chdir to chroot path \"%s\": "
> "%s", path, strerror(errno));
>+ open_log ();
> if (chroot(path) == -1)
> fatal("chroot(\"%s\"): %s", path, strerror(errno));
> if (chdir("/") == -1)
>@@ -1636,7 +1637,8 @@ child_close_fds(void)
> * descriptors open.
> */
> for (i = 3; i < 64; i++)
>- close(i);
>+ if (i != log_fd_keep)
>+ close(i);
> }
>
> /*
>diff -up openssh-5.2p1/sshd.c.log-chroot openssh-5.2p1/sshd.c
>--- openssh-5.2p1/sshd.c.log-chroot 2009-01-28 06:31:23.000000000 +0100
>+++ openssh-5.2p1/sshd.c 2009-08-08 10:17:52.950444289 +0200
>@@ -590,6 +590,10 @@ privsep_preauth_child(void)
> /* Demote the private keys to public keys. */
> demote_sensitive_data();
>
>+ /* Open the syslog permanently so the chrooted process still
>+ can write to syslog. */
>+ open_log();
>+
> /* Change our root directory */
> if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
> fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
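Review bot: The `if (i != log_fd_keep)` exemption in child_close_fds (`@@ -1636,7 +1637,8 @@`) leaves the syslog descriptor open in the session child, and nothing visible in the patch marks it close-on-exec. If this function runs before a user command is executed (its callers are not shown in the hunk), that command inherits a connected descriptor to the host's syslog from inside the chroot, unless the libc's openlog() already sets the flag. Setting it explicitly in open_log() once the descriptor is identified, `(void)fcntl(log_fd_keep, F_SETFD, FD_CLOEXEC);`, keeps in-process logging working while closing the descriptor on exec. log_fd_keep is also a number captured once, so if the syslog connection is reopened later this loop would protect whatever descriptor then has that number. child_close_fds starts outside the hunk.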
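Review bot: The comment added in privsep_preauth_child says what open_log() does but not the trade-off it makes: the pre-authentication child is chrooted to limit what it can reach, and after this change it holds a connected syslog descriptor for its whole lifetime. I would state that in the comment so the next reader knows it is deliberate, e.g. `/* Keep a syslog descriptor across chroot(); the chrooted child can then still write to the host's syslog. */`. The two-line comment could also follow the ` * ` continuation layout seen in the log.c context lines. The function body starts and ends outside the hunk.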
Flags:
djm
:
ok-