On Tue, 24 Sep 2024 14:20:02 +0100
Sad Clouds <cryintotheblue...@gmail.com> wrote:

> Hi, does anyone know why NetBSD syslogd implicitly calls chroot when it
> was not requested to do so via the -t option?
> 
> $ syslogd 
> syslogd: Failed to chroot to `/': Operation not permitted
> syslogd: Fatal error, exiting
> 
> This prevents syslogd from running as an unprivileged user in a chroot jail.
> Is there any security benefit of calling chroot on the / directory?
> 
> I know syslogd can give up root permissions, etc., but I'm playing
> around with chroot partitions to simulate zones/jails and trying to see
> how many daemons can be used as an unprivileged user.

Well, I just patched syslogd and can now run it as an unprivileged user.
I think the original code where it calls chroot("/") is probably a bug
or an oversight.

$ id
uid=50000(admin) gid=50000(admin) groups=50000(admin)

$ syslogd -u admin -g admin -s

$ ps aux | grep syslog
USER      PID %CPU %MEM   VSZ   RSS TTY   STAT STARTED    TIME COMMAND
admin   19165  0.0  0.2 18496  1752 ?     Is    7:20PM 0:00.01 syslogd -u admin -g admin -s


$ diff -u ./usr.sbin/syslogd/syslogd.c.orig ./usr.sbin/syslogd/syslogd.c
--- ./usr.sbin/syslogd/syslogd.c.orig   2024-09-24 19:55:21.464455835 +0100
+++ ./usr.sbin/syslogd/syslogd.c        2024-09-24 20:00:17.312543067 +0100
@@ -310,7 +310,7 @@
        gid_t gid = 0;
        char *user = NULL;
        char *group = NULL;
-       const char *root = "/";
+       const char *root = NULL;
        char *endp;
        struct group   *gr;
        struct passwd  *pw;
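Review bot: The new initializer `const char *root = NULL;` gives NULL the meaning "no chroot requested", but nothing at the declaration says so. A one-line comment there would make the convention explicit. Every use of root elsewhere in the file, outside the hunks shown here, also needs a NULL guard, because passing NULL to access(), chroot() or a `%s` format argument is not safe.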
@@ -478,7 +478,7 @@
                }
        }
 
-       if (access(root, F_OK | R_OK)) {
+       if (root != NULL && access(root, F_OK | R_OK)) {
                logerror("Cannot access `%s'", root);
                die(0, 0, NULL);
        }
@@ -563,10 +563,13 @@
        /*
         * All files are open, we can drop privileges and chroot
         */
-       DPRINTF(D_MISC, "Attempt to chroot to `%s'\n", root);
-       if (chroot(root) == -1) {
-               logerror("Failed to chroot to `%s'", root);
-               die(0, 0, NULL);
+       if (root != NULL)
+       {
+               DPRINTF(D_MISC, "Attempt to chroot to `%s'\n", root);
+               if (chroot(root) == -1) {
+                       logerror("Failed to chroot to `%s'", root);
+                       die(0, 0, NULL);
+               }
        }
        DPRINTF(D_MISC, "Attempt to set GID/EGID to `%d'\n", gid);
        if (setgid(gid) || setegid(gid)) {
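Review bot: The opening brace after `if (root != NULL)` sits on its own line, while the surrounding code, including the `if (chroot(root) == -1) {` nested directly inside it, keeps the brace on the same line as the condition; please match that style. With this change the default run skips chroot without any trace, so consider an else branch with a `DPRINTF(D_MISC, ...)` saying that no chroot was requested. The comment above the block still reads "we can drop privileges and chroot" and could be reworded to say that chroot is now optional.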



