vishalmishra434 / rpms / openssh

Tomáš Mráz 93a474
diff -up openssh-5.1p1/sshd.c.log-chroot openssh-5.1p1/sshd.c
Tomáš Mráz 93a474
--- openssh-5.1p1/sshd.c.log-chroot	2008-07-23 15:18:52.000000000 +0200
Tomáš Mráz 93a474
+++ openssh-5.1p1/sshd.c	2008-07-23 15:18:52.000000000 +0200
Tomáš Mráz 93a474
@@ -591,6 +591,10 @@ privsep_preauth_child(void)
Tomáš Mráz c9833c
 	/* Demote the private keys to public keys. */
Tomáš Mráz c9833c
 	demote_sensitive_data();
Tomáš Mráz e01ed6
 
Tomáš Mráz c9833c
+	/* Open the syslog permanently so the chrooted process still
Tomáš Mráz c9833c
+	   can write to syslog. */
Tomáš Mráz c9833c
+	open_log();
Tomáš Mráz c9833c
+	
Tomáš Mráz c9833c
 	/* Change our root directory */
Tomáš Mráz c9833c
 	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
Tomáš Mráz c9833c
 		fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
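Review bot: Nothing after the added `open_log();` checks whether a syslog connection was actually kept, so a preauth child whose connection was not established or not identified enters the chroot with no trace of that. `open_log()` returns void and signals the uncertain case only by storing -1 in `log_fd_keep` (log.c hunk); the same unchecked call is added before `chroot(path)` in session.c. Because these processes record authentication and session events, a line such as `if (log_fd_keep == -1) debug("syslog descriptor not identified before chroot");` right after the call would make the case visible while the log socket is still reachable. The separator line added after the call also holds a stray tab.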
Tomáš Mráz 93a474
diff -up openssh-5.1p1/log.c.log-chroot openssh-5.1p1/log.c
Tomáš Mráz 93a474
--- openssh-5.1p1/log.c.log-chroot	2008-06-10 15:01:51.000000000 +0200
Tomáš Mráz 93a474
+++ openssh-5.1p1/log.c	2008-07-23 15:18:52.000000000 +0200
Jan F. Chadima 061e21
@@ -45,6 +45,7 @@
Jan F. Chadima 061e21
 #include <syslog.h>
Jan F. Chadima 061e21
 #include <unistd.h>
Jan F. Chadima 061e21
 #include <errno.h>
Jan F. Chadima 061e21
+#include <fcntl.h>
Jan F. Chadima 061e21
 #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
Jan F. Chadima 061e21
 # include <vis.h>
Jan F. Chadima 061e21
 #endif
Jan F. Chadima 061e21
@@ -56,6 +57,7 @@
Tomáš Mráz e01ed6
 static int log_on_stderr = 1;
Tomáš Mráz e01ed6
 static int log_facility = LOG_AUTH;
Tomáš Mráz e01ed6
 static char *argv0;
Jan F. Chadima 061e21
+int log_fd_keep = 0;
Tomáš Mráz e01ed6
 
Tomáš Mráz e01ed6
 extern char *__progname;
Tomáš Mráz e01ed6
 
Jan F. Chadima 061e21
@@ -310,6 +312,8 @@
Jan F. Chadima 061e21
 		exit(1);
Jan F. Chadima 061e21
 	}
Jan F. Chadima 061e21
 
Jan F. Chadima 061e21
+	if (log_fd_keep != 0)
Jan F. Chadima 061e21
+		return;
Jan F. Chadima 061e21
 	/*
Jan F. Chadima 061e21
 	 * If an external library (eg libwrap) attempts to use syslog
Jan F. Chadima 061e21
 	 * immediately after reexec, syslog may be pointing to the wrong
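Review bot: The new early return has no comment and is taken for any non-zero `log_fd_keep`, including the -1 that `open_log()` stores when it could not identify the descriptor. Once taken, the syslog re-pointing described in the comment just below it is skipped for every later `log_init()` call, so a changed program name or facility would, it appears, never reach the kept connection; the rest of the function is outside this hunk, so that needs confirming. A comment above the guard such as `/* syslog was opened permanently by open_log(); do not reopen or close it here */` would record the intent.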
Jan F. Chadima 061e21
@@ -392,10 +396,33 @@
Tomáš Mráz e01ed6
 		syslog_r(pri, &sdata, "%.500s", fmtbuf);
Tomáš Mráz e01ed6
 		closelog_r(&sdata);
Tomáš Mráz e01ed6
 #else
Tomáš Mráz e01ed6
+	    if (!log_fd_keep) {
Tomáš Mráz e01ed6
 		openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
Tomáš Mráz e01ed6
+	    }
Tomáš Mráz e01ed6
 		syslog(pri, "%.500s", fmtbuf);
Tomáš Mráz e01ed6
+	    if (!log_fd_keep) {
Tomáš Mráz e01ed6
 		closelog();
Tomáš Mráz e01ed6
+	    }
Tomáš Mráz e01ed6
 #endif
Tomáš Mráz e01ed6
 	}
Tomáš Mráz c9833c
 	errno = saved_errno;
Tomáš Mráz e01ed6
 }
Tomáš Mráz e01ed6
+
Tomáš Mráz e01ed6
+void
Tomáš Mráz e01ed6
+open_log(void)
Tomáš Mráz e01ed6
+{
Jan F. Chadima 061e21
+	int temp1, temp2;
Jan F. Chadima 061e21
+
Jan F. Chadima 061e21
+	temp1 = open("/dev/null", O_RDONLY);
Tomáš Mráz e01ed6
+	openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
Jan F. Chadima 061e21
+	temp2 = open("/dev/null", O_RDONLY);
Jan F. Chadima 061e21
+	if (temp1 + 2 ==  temp2)
Jan F. Chadima 061e21
+		log_fd_keep = temp1 + 1;
Jan F. Chadima 061e21
+	else 
Jan F. Chadima 061e21
+		log_fd_keep = -1;
Jan F. Chadima 061e21
+
Jan F. Chadima 061e21
+	if (temp1 != -1)
Jan F. Chadima 061e21
+		close(temp1);
Jan F. Chadima 061e21
+	if (temp2 != -1)
Jan F. Chadima 061e21
+		close(temp2);
Tomáš Mráz e01ed6
+}
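Review bot: `open_log()` infers the syslog descriptor as `temp1 + 1` from two `/dev/null` probes, and that guess can name a descriptor that is not the syslog socket. If `openlog()` opens nothing (a failed connect, or a connection that already exists) while `temp1 + 1` is already held by something else, `temp2` can still land on `temp1 + 2`, and the unrelated descriptor is recorded and later exempted from the close loop in session.c. A failed first `open()` is not checked before the arithmetic either. Checking that the slot was empty before `openlog()` and is in use afterwards drops the second probe and that false match, though it still relies on lowest-free descriptor allocation; a sketch follows.

```c
void
open_log(void)
{
	int probe, slot_was_free = 0;

	probe = open("/dev/null", O_RDONLY);
	if (probe != -1)
		slot_was_free = (fcntl(probe + 1, F_GETFD) == -1);
	openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
	/* Trust the slot only if it was empty before openlog() and is used now. */
	if (slot_was_free && fcntl(probe + 1, F_GETFD) != -1)
		log_fd_keep = probe + 1;
	else
		log_fd_keep = -1;
	if (probe != -1)
		close(probe);
}
```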
Tomáš Mráz 93a474
diff -up openssh-5.1p1/log.h.log-chroot openssh-5.1p1/log.h
Tomáš Mráz 93a474
--- openssh-5.1p1/log.h.log-chroot	2008-06-13 02:22:54.000000000 +0200
Tomáš Mráz 93a474
+++ openssh-5.1p1/log.h	2008-07-23 15:20:11.000000000 +0200
Jan F. Chadima 061e21
@@ -46,6 +46,9 @@
Jan F. Chadima 061e21
 	SYSLOG_LEVEL_NOT_SET = -1
Jan F. Chadima 061e21
 }       LogLevel;
Jan F. Chadima 061e21
 
Jan F. Chadima 061e21
+
Jan F. Chadima 061e21
+extern int log_fd_keep;
Jan F. Chadima 061e21
+
Jan F. Chadima 061e21
 void     log_init(char *, LogLevel, SyslogFacility, int);
Jan F. Chadima 061e21
 
Jan F. Chadima 061e21
 SyslogFacility	log_facility_number(char *);
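Review bot: `log_fd_keep` is exported here as a writable global with three distinct meanings and no comment saying so. Going by the log.c and session.c hunks, 0 means syslog is opened and closed around each message, a positive value is the descriptor `open_log()` believes is the kept syslog socket, and -1 means the connection is treated as kept but its descriptor is unknown. I would state that above the declaration, e.g. `/* 0: open syslog per message; >0: fd of kept syslog socket; -1: kept, fd unknown */`.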
Jan F. Chadima 061e21
@@ -66,4 +69,6 @@
Tomáš Mráz e01ed6
 
Tomáš Mráz c9833c
 void	 do_log(LogLevel, const char *, va_list);
Tomáš Mráz 93a474
 void	 cleanup_exit(int) __attribute__((noreturn));
Tomáš Mráz c9833c
+
Tomáš Mráz c9833c
+void     open_log(void);
Tomáš Mráz c9833c
 #endif
Jan F. Chadima 061e21
--- openssh-5.2p1/session.c.	2009-03-20 18:32:01.004151364 +0100
Jan F. Chadima 061e21
+++ openssh-5.2p1/session.c	2009-03-20 19:00:28.328742384 +0100
Jan F. Chadima 061e21
@@ -1445,6 +1456,7 @@
Jan F. Chadima 061e21
 	if (chdir(path) == -1)
Jan F. Chadima 061e21
 		fatal("Unable to chdir to chroot path \"%s\": "
Jan F. Chadima 061e21
 		    "%s", path, strerror(errno));
Jan F. Chadima 061e21
+	open_log ();
Jan F. Chadima 061e21
 	if (chroot(path) == -1)
Jan F. Chadima 061e21
 		fatal("chroot(\"%s\"): %s", path, strerror(errno));
Jan F. Chadima 061e21
 	if (chdir("/") == -1)
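Review bot: The added call is written `open_log ();` with a space before the parenthesis and carries no comment, unlike the same call in sshd.c. Writing it as `open_log();` under `/* Keep syslog open so logging survives the chroot */` would match the surrounding style and explain why it must come before `chroot(path)`. The enclosing function starts and ends outside this hunk.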
Jan F. Chadima 061e21
@@ -1632,7 +1644,8 @@
Jan F. Chadima 061e21
 	 * descriptors open.
Jan F. Chadima 061e21
 	 */
Jan F. Chadima 061e21
 	for (i = 3; i < 64; i++)
Jan F. Chadima 061e21
-		close(i);
Jan F. Chadima 061e21
+		if (i != log_fd_keep)
Jan F. Chadima 061e21
+			close(i);
Jan F. Chadima 061e21
 }
Jan F. Chadima 061e21
 
Jan F. Chadima 061e21
 /*
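Review bot: When `log_fd_keep` is -1 the test `i != log_fd_keep` is true for every `i`, so this loop closes the syslog socket even though `do_log()` goes on skipping `openlog()` for any non-zero value. The C library is then left holding a descriptor number that is closed or later reused, and what `syslog()` does from there depends on the libc. Resetting the state before the loop, for example `if (log_fd_keep == -1) { closelog(); log_fd_keep = 0; }`, keeps the two in agreement (session.c would need `<syslog.h>` in scope, which this hunk does not show). If a program is executed after this loop, it is also worth confirming that the spared descriptor is close-on-exec, since otherwise that program would inherit a connected syslog socket. The function body begins outside this hunk.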