2013/12/12 Rainer Gerhards <[email protected]>

> On Thu, Dec 12, 2013 at 2:02 PM, Radu Gheorghe <[email protected]> wrote:
>
> > So, we can submit pull requests to the github repo now?
> >
> >
> yupp, actually I got one or two in the past.
>

Cool! Now I know what to do when I want to contribute :D


>
> sorry if I failed in stating this clearly enough. I keep both the rsyslog
> git and the one on github in sync "manually" (which boils down to a script
> that dual pushes and as such there is no real effort). When I got started
> with github -after a discussion like these- I was interested to see if this
> would bring benefit. My peers at Adiscon were also watching and prepared to
> move over, but we never saw any real reason to do so. I am still hesitant
> if I don't see any real benefit. But as you can see, I've moved everything
> of interest to github.
>

Again, this is very cool. Though the lack of interest might just be the
self-fulfilling prophecy <http://en.wikipedia.org/wiki/Self-fulfilling_prophecy>
in action. I was never aware of the github thing, and I can bet many others
are in the same situation.

For example, all the links to some bleeding-edge stuff you send on the list
are from Adiscon's git, not github. When people are sending patches on the
ML, we could point them to github. It might be easier&better for many. Now
I know, and I'll say :)


>
> Again, if you could suggest additional ways to communicate - or even
> better: help promote, I am all ears for this.
>

This is exactly what I wanted to say next. You could add something to
rsyslog.com, and/or the footer of any documentation page saying "Do you
think this page can be improved? Let us know or send a pull request at...."

I guess I can send a pull request with that footer, too :D Will do it at
one point if time permits. Don't count on me on this front, though...

And one more thing about the documentation. Do you think it's a good idea
to convert the doc pages in RST or whatever displays nicely in GitHub and
put them in the Wiki? Do you think it would be a complicated thing to do?

I didn't have the time to research the subject yet, but I'm running this by
you because if you think the idea sucks, research is futile :)

Ways to promote? I don't know, tweet, blog, I don't have any better ideas. I
suck at this stuff, although I find it interesting.


>
> One final warning: while I use github for quite a bit now, I have not
> really gotten started with its special features as there was never need. So
> in the initial phase I may end up having some problems ;) Usually, when I
> get a pull request, I just pull changes from wherever that git repo is. If
> there is something special with github, I need to find out how to do it the
> github way...
>

I'm no expert, either, but I'm sure that if it takes off and people start
using it, you'll get suggestions on how to right the wrong :)


>
> Rainer
>
>
> > 2013/12/12 Boylan, James <[email protected]>
> >
> > > I know I never submitted anything to the github side because I was under
> > > the impression that it was being refreshed from the primary git repo and
> > > not considered a repo you could submit to. I suspect there are others who
> > > thought that as well.
> > >
> > > -- James
> > >
> > > -----Original Message-----
> > > From: [email protected] [mailto:
> > > [email protected]] On Behalf Of Rainer Gerhards
> > > Sent: Thursday, December 12, 2013 5:18 AM
> > > To: rsyslog-users
> > > Subject: Re: [rsyslog] Insecure configurations using Rsyslog property
> > > replacer
> > >
> > > On Thu, Dec 12, 2013 at 12:10 PM, Boylan, James <[email protected]> wrote:
> > >
> > > > Rainer?
> > > >
> > > > If I wanted to submit a doc patch, where is the repo I would Fork?
> > > >
> > > > https://github.com/rgerhards
> > >
> > > We didn't take any further steps for moving the "official" repo, as github
> > > seems to have not affected contributions and such. Maybe not enough PR done
> > > (another 24h thing...). Suggestions on how to make this better known are
> > > very welcome.
> > >
> > > Rainer
> > >
> > >
> > > > -- James
> > > > -- Sent from my mobile --
> > > >
> > > > ----- Reply message -----
> > > > From: "Rainer Gerhards" <[email protected]>
> > > > To: "rsyslog-users" <[email protected]>
> > > > Subject: [rsyslog] Insecure configurations using Rsyslog property
> > > > replacer
> > > > Date: Thu, Dec 12, 2013 4:34 AM
> > > >
> > > > On Thu, Dec 12, 2013 at 2:27 AM, Luca Carettoni <[email protected]> wrote:
> > > >
> > > > > Hello folks,
> > > > > By googling for example configurations and templates, I've noticed a
> > > > > fairly common insecure configuration and I would like to get your
> > > > > opinion on this matter.
> > > > >
> > > > > It's a common practice to use property replacers (like %hostname% and
> > > > > %syslogtag%) to ship logs to specific files.
> > > > > For instance, $template logFile,"/var/log/%HOSTNAME%.log" and similar.
> > > > >
> > > > > By looking at the documentation and all those examples, it's however
> > > > > not clear that those properties are directly parsed by rsyslogd from
> > > > > the user-supplied event messages while trying to parse
> > > > > RFC3164-formatted messages.
> > > > >
> > > > >
> > > > >
> > > > Well.. where else should they stem from ;)
> > > >
> > > >
> > > > > I started looking at the source code and noticed that those properties
> > > > > are derived in pmrfc3164.c.
> > > > > A whitelist approach has been used to allow alphanumeric, ".", "_", "-"
> > > > > chars, thus preventing common security issues (e.g. directory
> > > > > traversal).
> > > > > Although it doesn't seem possible to override existent files either,
> > > > > a remote attacker would still be able to create new files and/or
> > > > > directories.
> > > > > Eventually, this may allow reaching the inode limit and potentially
> > > > > result in a denial of service.
> > > > >
> > > > >
> > > > This is not for security, but for RFC rules. The rfc 5424 parser has
> > > > different rules.
> > > >
> > > >
> > > > > Besides removing property replacers, is there any other workaround (e.g.
> > > > > limit #events/sender/seconds)?
> > > > >
> > > > >
> > > > The property replacer's SecurePath option is meant to deal with that.
> > > > I agree it's not easy to find and "elaborately" documented:
> > > >
> > > > http://blog.gerhards.net/2013/05/moving-to-github.html
> > > >
> > > > > Would it be possible to update the documentation (e.g.
> > > > > http://www.rsyslog.com/doc/property_replacer.html) and include those
> > > > > considerations? Kind of "use at your own risk" warning.
> > > > >
> > > > >
> > > > A doc patch is happily accepted. Looking forward to it!
> > > >
> > > > Rainer
> > > >
> > > > > Cheers,
> > > > > Luca
> > > > >
> > > > > --
> > > > >
> > > > > Luca Carettoni <[email protected]>
> > > > > _______________________________________________
> > > > > rsyslog mailing list
> > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > > http://www.rsyslog.com/professional-services/
> > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> > > > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> > > > > you DON'T LIKE THAT.
> > > > >
> > > >
> > >
> >
>
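An added illustration that is not part of anyone's message in this thread: the template Luca describes, placed beside one that uses the property replacer's secpath options Rainer refers to, written in rsyslog's RainerScript syntax. The 192.0.2.x addresses and the /var/log/remote paths are assumed values.

```conf
# Added example, not from the thread; addresses and paths are assumed.

# Weak: %HOSTNAME% is taken from the header of the received RFC3164
# message, so the sender decides which file name gets created.
template(name="logFileWeak" type="string"
         string="/var/log/%HOSTNAME%.log")

# Hardened: secpath-replace rewrites any "/" in the field to "_"
# (secpath-drop removes it instead), so the dynafile always stays
# directly under the intended directory.
template(name="logFileSafe" type="string"
         string="/var/log/remote/%HOSTNAME:::secpath-replace%.log")

# $fromhost-ip comes from the receiving socket rather than from the
# message text, so it is the better key when the file name is meant
# to identify the sender.
template(name="logFileByIp" type="string"
         string="/var/log/remote/%FROMHOST-IP%.log")

# Only known senders get a per-host file; anything else shares one file,
# so an unexpected sender cannot keep creating new files (the inode
# exhaustion Luca describes).
if ($fromhost-ip == "192.0.2.10" or $fromhost-ip == "192.0.2.11") then {
    action(type="omfile" dynaFile="logFileSafe")
} else {
    action(type="omfile" file="/var/log/remote/unknown.log")
}
```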
