
Bug#158090: security.debian.org: Easy for any user to fake messages into syslog



On Sun, Aug 25, 2002 at 09:17:51PM +0200, Martin Schulze wrote:
> Matt Zimmerman wrote:
> > > The socket is world writable, glibc's syslog() function writes
> > > to it, from any program.  Restricting its write access to root
> > > would effectively disable syslogging.
> > 
> > How so?  Restricting its write access to root would still allow programs
> > running as root to use syslog.  Making /dev/log group-writable and adding
> > users to a 'syslog' group would restrict syslog usage to those users
> 
> Sure, but innd or nnrpd or postfix don't run as root, for example.
> That'd cause pain.
> 
> However, the main problem is that POSIX doesn't restrict the use of
> syslog() and changing the output format for supporting uid/gid would
> break all kinds of scripts, I'm pretty sure.  Even if people want that,
> it should be done in sync with all distributions, not only with Debian.
> 
> However, those who would like to see such a feature, should be free
> to patch their glibc and use it.

... patch their syslogd and use it.  The only thing glibc does is write
to /dev/log.  What happens on the other end it can't control.

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer
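
Added example, not part of the original message and not code from any syslogd: one way the receiving end of /dev/log could record who sent each datagram while the socket stays world-writable. It assumes Linux (`SO_PASSCRED` / `SCM_CREDENTIALS`); the function names, the socket path and the `[uid= gid= pid=]` prefix are hypothetical.

```python
import os
import socket
import struct
import tempfile

# Linux struct ucred as delivered in SCM_CREDENTIALS: pid, uid, gid.
UCRED = struct.Struct("3i")


def open_log_socket(path):
    """Bind a world-writable datagram socket (like /dev/log) with SO_PASSCRED set."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, 0o666)  # any local user may still write, as the thread describes
    # Ask the kernel to attach the sender's credentials to every datagram.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    return sock


def recv_with_creds(sock, bufsize=8192):
    """Return (payload, (pid, uid, gid)); creds is None if none were attached."""
    data, ancdata, _flags, _addr = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    creds = None
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            creds = UCRED.unpack(cdata[:UCRED.size])
    return data, creds


def format_line(data, creds):
    """Prefix the record with kernel-verified identity instead of trusting the payload."""
    text = data.decode("utf-8", "replace").rstrip("\n")
    if creds is None:
        return "[uid=? gid=? pid=?] " + text
    pid, uid, gid = creds
    return "[uid=%d gid=%d pid=%d] %s" % (uid, gid, pid, text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "log")  # constructed stand-in for /dev/log
        server = open_log_socket(path)
        client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        # Constructed sample: the payload claims a program name, the kernel says who sent it.
        client.sendto(b"<38>sshd[1]: constructed sample message\n", path)
        print(format_line(*recv_with_creds(server)))
        client.close()
        server.close()
```

The sender needs no changes and no cooperation: the credentials are filled in by the kernel on the receiving socket, which is why this belongs in syslogd rather than in glibc.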
