Just a quick note:

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:rsyslog-
> [EMAIL PROTECTED] On Behalf Of Jan-Frode Myklebust
> Sent: Friday, November 21, 2008 6:35 PM
> To: [email protected]
> Subject: Re: [rsyslog] rsyslogd security questions/comments
>
> I'm an itsy bit worried that something like this:
>
>         $template PerAppLogs,"/var/log/apps/%programname%.log"
>         *.* -?PerAppLogs
>
> could be tricked to write to unexpected places if you mess with
> %programname%, or other similar variables that the sender has
> complete control over.

Definitely. Though not a complete cure, the secpath-* property replacer
options prevent at least slashes inside programname. I know this is not
100% bullet proof, but it should be applied. Otherwise, you don't need a
malicious user, a simple program error is sufficient to screw up things.

So the template is suggested to be

           $template PerAppLogs,"/var/log/apps/%programname:::secpath-replace%.log"

From the doc:
---
secpath-replace         Replace slashes inside the field by an
underscore. (e.g. "a/b" becomes "a_b"). Useful for secure pathname
generation (with dynafiles).
---

Full source at http://www.rsyslog.com/doc-property_replacer.html

I just thought I'd mention it.

Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
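
Added example, not part of the original mail and not rsyslog code: a small Python model of the dynafile template expansion discussed above, comparing the raw %programname% with the documented secpath-replace behaviour (slashes become underscores). The function names and the sample program names are constructed for illustration.

```python
import posixpath

BASE_DIR = "/var/log/apps"  # directory used by the template in the mail


def secpath_replace(value: str) -> str:
    """Model of secpath-replace as documented: "a/b" becomes "a_b"."""
    return value.replace("/", "_")


def expand(programname: str, sanitize: bool) -> str:
    """Model of expanding "/var/log/apps/%programname%.log" for one message.

    The result is normalised the way the filesystem would resolve it,
    so ".." components and doubled slashes are collapsed.
    """
    field = secpath_replace(programname) if sanitize else programname
    return posixpath.normpath(BASE_DIR + "/" + field + ".log")


def lands_in_base(path: str) -> bool:
    """True only if the file is created directly inside BASE_DIR."""
    return posixpath.dirname(path) == BASE_DIR


def audit(programnames):
    """Return (name, raw_path, raw_ok, safe_path, safe_ok) per sample."""
    rows = []
    for name in programnames:
        raw = expand(name, sanitize=False)
        safe = expand(name, sanitize=True)
        rows.append((name, raw, lands_in_base(raw), safe, lands_in_base(safe)))
    return rows


# Constructed sample values: a normal tag, the doc's "a/b", a program that
# logs its full path by mistake, and a tag containing ".." components.
SAMPLES = ["sshd", "a/b", "/usr/sbin/cron", "../other/name"]

if __name__ == "__main__":
    for name, raw, raw_ok, safe, safe_ok in audit(SAMPLES):
        print(f"{name!r:18} raw={raw} ({'ok' if raw_ok else 'OUTSIDE/NESTED'})")
        print(f"{'':18} secpath-replace={safe} ({'ok' if safe_ok else 'OUTSIDE/NESTED'})")
```
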
