On Fri, Oct 05, 2001 at 07:41:48PM +0200, Samu wrote:
> hi,
> in these days there was an interesting thread about /dev/log that has
> 666 mode and some possible DOS that can be made by any user by just
> printing random trash with syslog(3) and fill up the /var/log
> without being traced.
>
> one possible solution to that was to put /dev/log and to uid,gid syslog.syslog
> and then add every daemon which wants to write on log on gid syslog too.

it would be a huge effort to trace down every daemon/userland utility that needs to do logging, and by the time you run them all with gid=syslog privileges, along with making many things setgid syslog, users won't have much trouble getting gid=syslog anyway.

this is only a local user problem, anyone breaking in over the network to any daemon will end up with gid=syslog (or else the daemon won't ever log anything, which is worse).

the syslog man page describes how to deal with lusers behaving in this manner, it involves a sucker rod.

--
Ethan Benson
http://www.alaska.net/~erbenson/