
Re: /dev/log

On Fri, Oct 05, 2001 at 07:41:48PM +0200, Samu wrote:
> hi,
> in these days there was an interesting thread about /dev/log that has
> 666 mode and some possible DOS that can be made by any user by just
> printing random trash with syslog(3) and fill up the /var/log
> without being traced.
> one possible solution to that was to put /dev/log to uid,gid syslog.syslog
> and then add every daemon which wants to write to the log to gid syslog too.

it would be a huge effort to trace down every daemon/userland utility
that needs to do logging, and by the time you run them all with
gid=syslog privileges along with making many things setgid syslog, users
won't have much trouble getting gid=syslog anyway.

this is only a local user problem, anyone breaking in over the network
to any daemon will end up with gid=syslog (or else the daemon won't
ever log anything which is worse).

the syslog man page describes how to deal with lusers behaving in this
manner, it involves a sucker rod.

Ethan Benson
