Package: syslog-ng
Version: 2.0.9-1ubuntu3
Severity: grave
Tags: security
Justification: user security hole

I have not had the time to analyze all of syslog-ng code. But by reading the code section near the chroot call and looking at strace results I believe that syslog-ng does not chdir to the chroot jail's location before chrooting into it. This opens up ways to work around the chroot jail.

See http://www.unixwiz.net/techtips/chroot-practices.html (especially the point "Explicitly chdir into the jail")

I'll see whether I can provide a patch at a later stage.

-- System Information:
syslog-ng V2.0.9

-- no debconf information
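
The chdir-before-chroot ordering that the report refers to, written as an added example (not part of the original report and not syslog-ng code). `enter_jail`, the result codes and the `/var/empty` default are hypothetical names chosen here.

```c
#define _DEFAULT_SOURCE   /* exposes chroot() in <unistd.h> on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Which step failed; names are hypothetical, not taken from syslog-ng. */
enum jail_result { JAIL_OK = 0, JAIL_ERR_ARG, JAIL_ERR_CHDIR,
                   JAIL_ERR_CHROOT, JAIL_ERR_CHDIR_ROOT };

/*
 * Enter a chroot jail. A bare chroot(jail_dir) changes the root directory
 * but not the working directory, so the cwd would still refer to a
 * directory outside the new root. Every step is checked, and the caller
 * must treat any failure as fatal rather than continue unjailed.
 */
enum jail_result enter_jail(const char *jail_dir)
{
    if (jail_dir == NULL || jail_dir[0] != '/') {
        errno = EINVAL;                 /* require an absolute path */
        return JAIL_ERR_ARG;
    }
    if (chdir(jail_dir) != 0)           /* 1. move the cwd into the jail first */
        return JAIL_ERR_CHDIR;
    if (chroot(".") != 0)               /* 2. make it the root (needs CAP_SYS_CHROOT) */
        return JAIL_ERR_CHROOT;
    if (chdir("/") != 0)                /* 3. re-anchor the cwd at the new root */
        return JAIL_ERR_CHDIR_ROOT;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    /* "/var/empty" is a constructed default for this example. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    enum jail_result r = enter_jail(dir);

    if (r != JAIL_OK) {
        fprintf(stderr, "enter_jail(%s) failed at step %d: %s\n",
                dir, (int)r, strerror(errno));
        return 1;
    }
    /* A daemon would drop root privileges here, before reading any input. */
    puts("inside jail");
    return 0;
}
```

In an strace of a daemon that follows this order, the `chroot` call is preceded by a `chdir` to the jail directory and followed by `chdir("/")`.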