Subject: | escape escapes |
Many people use syslog() unaware of possible "code injection" schemes,
especially when syslog is used in trace mode where raw incoming data is
logged before processing.
Simple example: a cgi script receives form data and logs this before
inspecting it at detail. The data contains escape codes, which are sent
through syslog() to log-files. The log-files (on UNIX/Linux) are
usually only readible by root. The super-user opens the logfile with
'vi' (and friends), which prints the escape codes to the xterm. Some
escape codes are more dangerous than other.
Where we cannot change the behavior of the kernel syslog()
implementation, we can protect root from (unknowingly) unsafe behavior
of Perl programmers. Syslog should replace the non-printables. For
instance, an escape code should be rewritten into \x1b, \e or <esc>
AFAIK, there is no (core) module which can un-arm dangerous strings. It
could be a useful general extension of Encode or even PerlIO. There
could be one standard conversion choice, or it can be made configurable.
Suggested interface:
openlog $name, "pid,encoding(utf-8),escape(hex)", "local1";
openlog $name, "pid,raw,unsafe", "local2"; #currently