Date: Mon, 24 Oct 2011 17:16:09 +0200 From: Paul Schenkeveld <freebsd@psconsult.nl> To: freebsd-ports@freebsd.org Subject: syslog-ng1 Message-ID: <20111024151609.GA37980@psconsult.nl>
next in thread | raw e-mail | index | archive | help
Hello, Recently sysutils/syslog-ng (version 1) moved to sysutils/syslog-ng1 and version 3 became the standard. The Makefile for syslog-ng1 says: DEPRECATED= Suggested by syslog-ng upline, no longer supported FORBIDDEN= Vulnerable since 2008-11-18, http://portaudit.freebsd.org/75f2382e-b586-11dd-95f9-00e0815b8da8.html and portaudit.freebsd.org says: I have not had the time to analyze all of syslog-ng code. But by reading the code section near the chroot call and looking at strace results I believe that syslog-ng does not chdir to the chroot jail's location before chrooting into it. This opens up ways to work around the chroot jail. However, if I look at the code (main.c function main() near line 514): if (chroot_dir) { if (chdir(chroot_dir) < 0) { werror("Error chdiring, exiting.\n"); return 3; } if (chroot(".") < 0) { werror("Error chrooting, exiting.\n"); return 3; } } it looks like the chdir is already present (main.c dates back to Mar 14, 2006). This is the only occurrence of chroot() in the sources. Am I missing something here? My reason for bothering is that I use syslog-ng on man systems that have no persistent storage to send logging to a central logserver over TCP. Syslog-ng versions 2 and 3 pull in way too many ports to be useful in embedded systems so I'd really like to see version 1 survive, unless someone else has a suggestion for a replacement. BTW, the log servers also run syslog-ng and our configuration uses too many features of -ng to switch to another syslog replacement but we can consider using version 2 or 3 there. What does it take to keep version 1 maintained and in the ports tree? Best regards, Paul Schenkeveld
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111024151609.GA37980>