syslog-ng*.conf may source third party code¶

Labels: cleanup, discuss / RFC, critical / security / legal

jsmeix opened issue at 2024-07-23 09:14:¶

See
https://github.com/rear/rear/issues/3285#issuecomment-2239066391
which reads (excerpts):

usr/share/rear/skel/default/etc/syslog-ng-v3.conf
is

@version: VERSION
# Send everything to /dev/tty12

options { create_dirs (yes); };
source src {
   internal();
   unix-dgram("/dev/log");
   file("/proc/kmsg");
};
destination console { file("/dev/tty12"); };
destination messages { file("/var/log/messages"); };
log { source(src); destination(console); };
log { source(src); destination(messages); };

and
usr/share/rear/skel/default/etc/syslog-ng.conf
is

# Send everything to /dev/tty12

options { long_hostnames(off); sync(0); };
source src {
        internal();
        unix-dgram("/dev/log");
};
destination console { file("/dev/tty12"); };
destination messages { file("/var/log/messages"); };
log { source(src); destination(console); };
log { source(src); destination(messages); };

At least at first glance I cannot make sense of it.

Perhaps party code could be sourced here?

@rear/contributors
it should be verified before the ReaR 3.0 release
if third party code could be sourced here
or if it is reasonably safe.

[Export of Github issue for rear/rear.]

#3291 Issue open: skel/default/etc/syslog-ng*.conf may source third party code¶

jsmeix opened issue at 2024-07-23 09:14:¶

#3291 Issue `open`: skel/default/etc/syslog-ng*.conf may source third party code¶