# Regression case: syslogd is started through a relative path.
#
# Message flow exercised by this test:
#   - the client writes a message with the Sys::Syslog native method;
#   - syslogd writes it into a file and through a pipe;
#   - syslogd passes it via UDP to the loghost;
#   - the server receives the message on its UDP socket.
# Afterwards the message is searched for in the client, file, console, user,
# syslogd and server logs, fstat is checked for the root and working
# directory, and ktrace is checked for chroot, chdir and exec.

use strict;
use warnings;

# fstat expectations: each key is a pattern applied to fstat output, each
# value presumably the number of lines that must match (confirm against the
# test harness, which is not part of this file).
#   - one line owned by root whose working directory is "/";
#   - no line owned by root that carries a "root" (chroot directory) entry,
#     i.e. presumably the privileged process itself is not chrooted;
#   - one "wd" and one "root" line owned by _syslogd, i.e. presumably the
#     unprivileged process runs inside a chroot.
# Together these assert that starting the daemon through a relative path
# leaves the privilege-separated layout (root parent, chrooted _syslogd
# child) unchanged.
my %fstat_expect = (
    qr/^root .* wd \/ /      => 1,
    qr/^root .* root /       => 0,
    qr/^_syslogd .* wd /     => 1,
    qr/^_syslogd .* root /   => 1,
);

# ktrace expectations: patterns applied to the system call trace, with the
# presumed number of matching lines.  One chroot call, two chdir calls and
# two exec calls are expected.
# NOTE(review): the second exec is presumably the privileged parent
# re-executing itself, which is the step a relative path could break --
# confirm against syslogd's privsep code.
my %ktrace_expect = (
    qr/CALL  chroot/ => 1,
    qr/CALL  chdir/  => 2,
    qr/CALL  exec/   => 2,
);

our %args = (
    syslogd => {
        # The daemon is launched from /usr/sbin so that the exec path
        # below is resolved relative to that directory.
        chdir => "/usr/sbin",

        # "../../" climbs from /usr/sbin to "/", so SYSLOGD presumably holds
        # an absolute path to the binary under test; without it the
        # installed ./syslogd is used.
        # NOTE(review): SYSLOGD chooses the binary that is executed, and the
        # fstat patterns expect a process owned by root.  The variable must
        # therefore only be set by the trusted build environment, never
        # taken from an untrusted caller.
        execfile => $ENV{SYSLOGD} ? "../../$ENV{SYSLOGD}" : "./syslogd",

        # NOTE(review): meaning of nopipe is defined by the harness and not
        # visible here.
        nopipe => 1,

        fstat  => \%fstat_expect,
        ktrace => \%ktrace_expect,
    },

    # NOTE(review): nocheck presumably disables the log check for the pipe
    # target -- confirm against the harness.
    pipe => { nocheck => 1 },
);

1;