
Re: /dev/log



On Fri, Oct 05, 2001 at 07:41:48PM +0200, Samu wrote:
> hi,
> in these days there was an interesting thread about /dev/log that has
> 666 mode and some possible DoS that can be made by any user by just
> printing random trash with syslog(3) and filling up /var/log
> without being traced.
> 
> one possible solution to that was to put /dev/log to uid,gid syslog.syslog
> and then add every daemon which wants to write to the log to gid syslog too.

it would be a huge effort to trace down every daemon/userland utility
that needs to do logging, and by the time you run them all with
gid=syslog privileges, along with making many things setgid syslog, users
won't have much trouble getting gid=syslog anyway.

this is only a local user problem, anyone breaking in over the network
to any daemon will end up with gid=syslog (or else the daemon won't
ever log anything, which is worse).

the syslog man page describes how to deal with lusers behaving in this
manner, it involves a sucker rod.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
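
The trade-off discussed in this thread, as an added example that is not part of either message: a small audit of a log socket's mode and ownership, plus a model of which identities could still write to it at mode 666 versus the proposed 660 with owner syslog.syslog. The uid/gid numbers, identity names and the throwaway socket are constructed for illustration; point `audit_log_socket` at the real `/dev/log` to check a live system.

```python
import os
import socket
import stat
import tempfile

SYSLOG_UID, SYSLOG_GID = 104, 108   # constructed ids for a "syslog" account

def audit_log_socket(path):
    """Report the type, mode and ownership of a log socket such as /dev/log."""
    st = os.stat(path)
    return {
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "mode": stat.S_IMODE(st.st_mode),
        "owner": (st.st_uid, st.st_gid),
        "world_writable": bool(st.st_mode & stat.S_IWOTH),
    }

def can_log(mode, owner_uid, owner_gid, uid, gids):
    """Unix DAC write check; sending to a Unix socket needs write permission."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def make_sample_socket(mode):
    """Bind a throwaway datagram socket in a temp dir and set its file mode."""
    path = os.path.join(tempfile.mkdtemp(), "log")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, mode)
    return sock, path

# Constructed identities: name -> (uid, set of gids)
IDENTITIES = {
    "local user": (1000, {1000}),
    "daemon in group syslog": (33, {33, SYSLOG_GID}),
    "daemon not in group syslog": (34, {34}),
}

def who_can_log(mode):
    """Evaluate every sample identity against a socket owned by syslog.syslog."""
    return {name: can_log(mode, SYSLOG_UID, SYSLOG_GID, uid, gids)
            for name, (uid, gids) in IDENTITIES.items()}

if __name__ == "__main__":
    for mode in (0o666, 0o660):
        sock, path = make_sample_socket(mode)
        print(oct(mode), audit_log_socket(path), who_can_log(mode))
        sock.close()
```

At 660 the plain local user is shut out, but so is any daemon that was not added to the group, and anything running with gid syslog keeps write access, which is the cost the reply points out.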
