Bug#158090: security.debian.org: Easy for any user to fake messages into syslog
On Sun, Aug 25, 2002 at 09:17:51PM +0200, Martin Schulze wrote:
> Matt Zimmerman wrote:
> > > The socket is world writable, glibc's syslog() function writes
> > > to it, from any program. Restricting its write access to root
> > > would effectively disable syslogging.
> >
> > How so? Restricting its write access to root would still allow programs
> > running as root to use syslog. Making /dev/log group-writable and adding
> > users to a 'syslog' group would restrict syslog usage to those users
>
> Sure, but innd or nnrpd or postfix don't run as root, for example.
> That'd cause pain.
>
> However, the main problem is that POSIX doesn't restrict the use of
> syslog() and changing the output format for supporting uid/gid would
> break all kinds of scripts, I'm pretty sure. Even if people want that,
> it should be done in sync with all distributions, not only with Debian.
>
> However, those who would like to see such a feature, should be free
> to patch their glibc and use it.
... patch their syslogd and use it. The only thing glibc does is write
to /dev/log. What happens on the other end it can't control.
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer
Reply to: