[1564] in bugtraq
Re: syslog (WAS: chroot'ed environment?)
daemon@ATHENA.MIT.EDU (Marc Samama)
Thu Apr 20 23:01:04 1995
Date: Fri, 21 Apr 1995 09:59:14 +0900
From: Marc Samama <marc@tky.icdc.fr>
To: mouse@Collatz.McRCIM.McGill.EDU
Cc: bugtraq@fc.net
> An idea which just occurred to me, not tested at all. If you can
> connect() an AF_UNIX SOCK_DGRAM socket (and I'm not sure you can), the
> association with its peer might survive a chroot that renders the
> original pathname inaccessible. If this is so, it could provide an
> answer.
Actually, it is exactly what I have done yesterday. It is pretty easy (check the
INET_SYSLOG define from BSD's libc/syslog.c) and it works very well. I didnt
have to change anything from what I installed previously. (syslogd, /dev/syslog
or whatever.)
I didnt like very much the idea of putting /dev/syslog in the ftp area,
so I choose to do this.
The only thing that bothers me is that I didnt want syslogd to listen on its
UDP port, but i guess I will just check the address of the incoming packets
against the loopback address. (Didn't try that yet, thougth.)
Marc.
