Escape slashes etc in macro variables ($PROGRAM)
Howdy,
Is there an option for escaping macro variables such as $PROGRAM? I've seen a couple of discussions about this on the list but they never seem to come to a conclusion.
Case in point:
I'm creating an output file macro like this:
file("/var/log/$SOURCEIP.$PROGRAM.log"
... and Syslog-ng fails to write the file whenever $PROGRAM looks similar to "postfix/quemgr" since it's then trying to "create" the directory postfix due to the slash. Of course, that's not what I want.
Can this be circumvented somehow?
Cheers! Goran
Hi,
just a quick workaround idea: use a rewrite rule on the $PROGRAM field to change the slash to a different character, for example, a hyphen (-). See the docs for details: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guide...
HTH,
Robert
On 01/02/2012 12:36 PM, Göran Sandahl wrote:
> Howdy,
> Is there an option for escaping macro variables such as $PROGRAM? I've seen a couple of discussions about this on the list but they never seem to come to a conclusion.
> Case in point:
> I'm creating an output file macro like this:
> file("/var/log/$SOURCEIP.$PROGRAM.log"
> ... and Syslog-ng fails to write the file whenever $PROGRAM looks similar to "postfix/quemgr" since it's then trying to "create" the directory postfix due to the slash. Of course, that's not what I want.
> Can this be circumvented somehow?
> Cheers! Goran
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
This sounds like a significant security hole as well, as we have user input creating files and directories. I can't immediately think of how to do significant damage (assuming most run with non-root accounts) since it won't overwrite existing dirs, but I'm sure someone more crafty could figure out a way to add a .htaccess file to a web directory or something.
On Mon, Jan 2, 2012 at 6:00 AM, Fekete Robert <frobert@balabit.hu> wrote:
> Hi,
> just a quick workaround idea: use a rewrite rule on the $PROGRAM field to change the slash to a different character, for example, a hyphen (-). See the docs for details: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guide...
> HTH,
> Robert
> On 01/02/2012 12:36 PM, Göran Sandahl wrote:
> > Howdy,
> > Is there an option for escaping macro variables such as $PROGRAM? I've seen a couple of discussions about this on the list but they never seem to come to a conclusion.
> > Case in point:
> > I'm creating an output file macro like this:
> > file("/var/log/$SOURCEIP.$PROGRAM.log"
> > ... and Syslog-ng fails to write the file whenever $PROGRAM looks similar to "postfix/quemgr" since it's then trying to "create" the directory postfix due to the slash. Of course, that's not what I want.
> > Can this be circumvented somehow?
> > Cheers! Goran
Martin Holste <mcholste@gmail.com> writes:
> This sounds like a significant security hole as well, as we have user input creating files and directories. I can't immediately think of how to do significant damage (assuming most run with non-root accounts) since it won't overwrite existing dirs, but I'm sure someone more crafty could figure out a way to add a .htaccess file to a web directory or something.
syslog-ng will refuse to write to files whose path contains "..", so the worst case is that subdirs can be created (but create_dirs(no) will "help" against that).
-- |8]
Ok, but what about absolute directories? I'm assuming that something as simple as setting program to /etc/passwd will not work by default, but is there anything for users to be aware of?
On Tue, Jan 3, 2012 at 9:39 AM, Gergely Nagy <algernon@balabit.hu> wrote:
> Martin Holste <mcholste@gmail.com> writes:
> > This sounds like a significant security hole as well, as we have user input creating files and directories. I can't immediately think of how to do significant damage (assuming most run with non-root accounts) since it won't overwrite existing dirs, but I'm sure someone more crafty could figure out a way to add a .htaccess file to a web directory or something.
> syslog-ng will refuse to write to files whose path contains "..", so the worst case is that subdirs can be created (but create_dirs(no) will "help" against that).
> -- |8]
On Tue, 2012-01-03 at 09:53 -0600, Martin Holste wrote:
> Ok, but what about absolute directories? I'm assuming that something as simple as setting program to /etc/passwd will not work by default, but is there anything for users to be aware of?
If you add anything in front of the expanded macro, then you can't escape that, since syslog-ng will refuse to create files that contain '../' or '/..'. There's a new template function $(sanitize) in the 3.4 tree that can help escape the untrusted values, otherwise it is possible to create unwanted files/directories under a tree.
-- Bazsi
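The workarounds suggested in this thread, combined into one syslog-ng configuration (an added example, not configuration posted by any participant; the names s_net, r_program_noslash, d_per_program and d_per_program_34 are hypothetical):

```conf
# Added example. Object names (s_net, r_program_noslash, d_per_program,
# d_per_program_34) are hypothetical.

source s_net { udp(port(514)); };

# $PROGRAM comes from the sender, so treat it as untrusted input.
# Replace every "/" before the value is used in a file name:
# "postfix/quemgr" becomes "postfix-quemgr".
rewrite r_program_noslash {
    subst("/", "-", value("PROGRAM"), flags("global"));
};

destination d_per_program {
    # The fixed prefix "/var/log/" in front of the macros keeps the
    # expanded name under /var/log; create_dirs(no) stops a stray "/"
    # from creating subdirectories there.
    file("/var/log/$SOURCEIP.$PROGRAM.log"
         create_dirs(no));
};

log {
    source(s_net);
    rewrite(r_program_noslash);    # must come before the destination
    destination(d_per_program);
};

# syslog-ng 3.4 and later: sanitize the value inside the template
# instead of rewriting the field.
# destination d_per_program_34 {
#     file("/var/log/$SOURCEIP.$(sanitize $PROGRAM).log"
#          create_dirs(no));
# };
```

The rewrite rule changes $PROGRAM for every later element of the same log path, so the stored message also carries the rewritten program name.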
participants (5)
- Balazs Scheidler
- Fekete Robert
- Gergely Nagy
- Göran Sandahl
- Martin Holste