Bug#158090: security.debian.org: Easy for any user to fake messages into syslog

To: Martin Schulze <joey@infodrom.org>
Cc: 158090@bugs.debian.org, Matt Zimmerman <mdz@debian.org>, Deepak Goel <deego@gnufans.redirectme.net>
Subject: Bug#158090: security.debian.org: Easy for any user to fake messages into syslog
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Mon, 26 Aug 2002 11:49:53 +0200
Message-id: <[🔎] 87wuqej6f2.fsf@CERT.Uni-Stuttgart.DE>
Reply-to: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>, 158090@bugs.debian.org
In-reply-to: <[🔎] 20020825191751.GO29052@finlandia.infodrom.north.de> (Martin Schulze's message of "Sun, 25 Aug 2002 21:17:51 +0200")
References: <E17iqok-0003En-00@computer> <20020825151540.GW12945@alcor.net> <20020825175702.GH29052@finlandia.infodrom.north.de> <[🔎] 20020825190402.GA12945@alcor.net> <[🔎] 20020825191751.GO29052@finlandia.infodrom.north.de>

Martin Schulze <joey@infodrom.org> writes:

> However, those who would like to see such a feature, should be free
> to patch their glibc and use it.

Eh, you don't have to patch libc, you'd have to patch syslogd (and
possibly the kernel, but maybe you could obtain trustworthy
information from /proc without kernel modification).

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Reply to:

References:
- Bug#158090: security.debian.org: Easy for any user to fake messages into syslog
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#158090: security.debian.org: Easy for any user to fake messages into syslog
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Re: summary
Next by Date: Bug#158354: libc6: Missing MD5SUMs for libc6 package
Previous by thread: Bug#158090: security.debian.org: Easy for any user to fake messages into syslog
Next by thread: glibc build breakage
Index(es):
- Date
- Thread