Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Syslog and Chrooted application's logs
On Sunday 27 January 2002 20:24, Steffen Dettmer wrote:
> * Togan Muftuoglu wrote on Sun, Jan 27, 2002 at 20:51 +0200:

> > I have Chrooted bind loging properly to the main system log while
> > chrooted apache persists to log "/jail/apache/var/log/httpd"
>
> You "chroot /jail", yes? Did you configured apache to log to
> /apache/var/log/httpd.log? Of course apache cannot see /jail,
> since it's chrooted. AFAIK, it's not possible to configure apache
> to log via syslog.

It does allow you to log to programs, they have examples in the Apache
logrotate info. Perhaps logging into a script which calls logger(1) would be
a solution.

/home/rob> ldd `which logger`
libc.so.6 => /lib/libc.so.6 (0x4002e000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Looks like only libc, so it should be feasible to run in a chroot. How safe
is a Linux chroot(2)? I know that Open BSD has fixes and some notes about
chroot(2) problems, and also Free BSD has introduced a jail(2). AFAIK a
security workround for the chroot area against breakouts sufficed, that was
to alter '..' link to point to inode of '.' in the root of the chroot
filesystem, at price of confusing programs like find(1).

/home/rob> ls -lid /{,..,.}
2 drwxr-xr-x 21 root root 507 Jan 23 23:18 /
2 drwxr-xr-x 21 root root 507 Jan 23 23:18 /
2 drwxr-xr-x 21 root root 507 Jan 23 23:18 /.

Rob

< Previous Next >