[syslog-ng] Escape slashes etc in macro variables ($PROGRAM)

Martin Holste mcholste at gmail.com
Tue Jan 3 16:19:05 CET 2012


This sounds like a significant security hole as well, as we have user
input creating files and directories.  I can't immediately think of
how to do significant damage (assuming most run with non-root
accounts) since it won't overwrite existing dirs, but I'm sure someone
more crafty could figure out a way to add a .htaccess file to a web
directory or something.

On Mon, Jan 2, 2012 at 6:00 AM, Fekete Robert <frobert at balabit.hu> wrote:
> Hi,
>
> just a quick workaround idea:
> use a rewrite rule on the $PROGRAM field to change the slash to a different
> character, for example, a hyphen (-).
> See the docs for details:
> http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/modifying-messages.html
>
> HTH,
>
> Robert
>
> On 01/02/2012 12:36 PM, Göran Sandahl wrote:
>
>> Howdy,
>>
>> Is there an option for escaping macro variables such as $PROGRAM? I've seen a
>> couple of discussions about this on the list but they never seem to come to a
>> conclusion.
>>
>> Case in point:
>>
>> I'm creating an output file macro like this:
>>
>>          file("/var/log/$SOURCEIP.$PROGRAM.log"
>>
>> ... and Syslog-ng fails to write the file whenever $PROGRAM looks similar to
>> "postfix/quemgr" since it's then trying to "create" the directory postfix due to
>> the slash. Of course, that's not what I want.
>>
>> Can this be circumvented somehow?
>>
>> Cheers!
>> Goran
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>
>
>
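
Added example (not part of the original thread and not taken from the syslog-ng documentation): the rewrite-rule workaround suggested above, written out as a complete configuration so that message-supplied $PROGRAM text cannot introduce path components into the destination file name. The object names s_net, r_program_noslash and d_per_program and the UDP source are assumptions for illustration; the second subst() goes beyond the slash-to-hyphen suggestion and maps every other character outside a conservative set to an underscore.

```conf
@version: 3.3

# Assumed network source; replace with the source already in use.
source s_net { udp(port(514)); };

# $PROGRAM is taken from the message, so the sender controls it.
rewrite r_program_noslash {
    # The workaround from the thread: every "/" becomes "-".
    # flags("global") replaces all occurrences, not only the first.
    subst("/", "-", value("PROGRAM"), flags("global"));

    # Stricter addition (not from the thread): anything outside
    # letters, digits, "_", "." and "-" becomes "_".
    subst("[^A-Za-z0-9_.-]", "_", value("PROGRAM"), flags("global"));
};

destination d_per_program {
    # create_dirs(no) keeps syslog-ng from creating directories
    # out of macro values if a separator ever slips through.
    file("/var/log/$SOURCEIP.$PROGRAM.log" create_dirs(no));
};

log {
    source(s_net);
    # The rewrite must run before the destination expands the template.
    rewrite(r_program_noslash);
    destination(d_per_program);
};
```

With this in place a program name such as "postfix/quemgr" ends up in a file named like /var/log/<source-ip>.postfix-quemgr.log.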

