syslog-ng2 -- startup directory leakage in the chroot environment

ID 75F2382E-B586-11DD-95F9-00E0815B8DA8
Type freebsd
Reporter FreeBSD
Modified 2009-07-01T00:00:00


Florian Grandel reports:

I have not had the time to analyze all of syslog-ng code. But by reading the code section near the chroot call and looking at strace results I believe that syslog-ng does not chdir to the chroot jail's location before chrooting into it. This opens up ways to work around the chroot jail.