[syslog-ng] Inconsistent Command Line Arguments
Leonid Chaichenets
chaichenets at int.uni-karlsruhe.de
Sat Jun 20 18:41:11 CEST 2009
Hello List,
there seems to be a problem with the command line parameter list of
syslog-ng (tested for ver. 3.0.2): from what I understand from the
source code command line parameters are defined in gprocess.c
(g_process_option_entries[]) and in main.c (syslogng_options[]). Only
the latter are described by syslog-ng --help (but both of them are
usable).
Furthermore, the short version of '--chroot' should be '-C', according
to the syslog-ng administration guide (The syslog-ng manual pages ->
syslog-ng), but '-C' is defined in gprocess.c as "Set default
capability set". According to gprocess.c the correct short version for
'--chroot' would be '-R', but it collides and is overridden by the
short version of the same name from main.c (there it means
"persist-file").
IMHO this is a security relevant bug: one might think syslog-ng is
running chrooted while it actually has root powers.
PS: This also applies to the git-versions syslog-ng-3.0.git and
syslog-ng-3.1.git.
--
Best Regards,
Leonid Chaichenets.
More information about the syslog-ng
mailing list