[syslog-ng] security patch for --chroot feature
Scott Weikart
scott@benetech.org
Sun, 13 Oct 2002 15:57:59 -0700
Here's a patch to make the --chroot feature more secure.
1) At least with the Linux kernel, root can break out of a chroot
jail:
http://www.linuxsecurity.com/feature_stories/feature_story-99.html
[I verified this to be true with a 2.2 kernel.]
I'm not sure whether this is true for other kernels, and I'm not
sure whether other kernels require the process to be root before
a chroot can succeed. So, my uid check may need to be ported.
2) With older Linux kernels, you could break out of a chroot jail if
you didn't cd to the directory to which you will chroot.
3) I added checks to make sure that --user and/or --group work. The
most important check is to make sure that setuid succeeds (if
--chroot was specified).
-scott
p.s. I'm not (yet) subscribed to the list.
==================================================================
--- main.c~ Wed Sep 4 07:52:25 2002
+++ main.c Sun Oct 13 15:37:46 2002
@@ -481,6 +481,15 @@
return 2;
}
if (chroot_dir) {
+ if (!uid) {
+ werror("-C can be defeated without -u, exitting.\n");
+ return 3;
+ }
+
+ if (chdir(chroot_dir) < 0) {
+ werror("Error chdiring, exiting.\n");
+ return 3;
+ }
if (chroot(chroot_dir) < 0) {
werror("Error chrooting, exiting.\n");
return 3;
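Review bot: In the added chdir/chroot sequence, `chroot(chroot_dir)` runs after `chdir(chroot_dir)` has already succeeded, so a relative -C argument is resolved a second time from inside the new working directory and will either fail or select a nested directory of the same name. Calling `chroot(".")` after the chdir, or doing `chroot(chroot_dir)` first and then `chdir("/")`, avoids the double resolution and still leaves the working directory inside the jail. Separately, the `!uid` test treats an explicit uid of 0 the same as a missing -u, so the message would be clearer if it said that a non-root -u is required, and "exitting" in that string is misspelled.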
@@ -488,9 +497,18 @@
}
if (uid || gid) {
- setgid(gid);
- setgroups(0, NULL);
- setuid(uid);
+ if (gid && setgid(gid) < 0) {
+ werror("Error setgiding, exiting.\n");
+ return 4;
+ }
+ if (setgroups(0, NULL) < 0) {
+ werror("Error setgrouping, exiting.\n");
+ return 4;
+ }
+ if (uid && setuid(uid) < 0) {
+ werror("Error setuiding, exiting.\n");
+ return 4;
+ }
}
if (!debug_flag) {
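Review bot: In `if (gid && setgid(gid) < 0)`, the `gid &&` guard skips setgid entirely when no group is given, so a run with -C and -u but no -g passes the first hunk's `!uid` check and then keeps the primary group it was started with, normally gid 0 for a daemon launched by root. Since the first hunk makes -u mandatory for -C on the grounds that a root process can leave the jail, consider also requiring a non-zero gid when chroot_dir is set, or defaulting the group to the primary group of the -u user, so the jailed process holds no root group membership. The ordering (setgid, then setgroups, then setuid) is correct and should be kept, since the group calls would fail once the uid has been dropped.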