Re: /dev/log

To: debian-security@lists.debian.org
Subject: Re: /dev/log
From: Chris Matta <chris@coolass.net>
Date: Tue, 9 Oct 2001 11:07:00 -0400
Message-id: <63378966354.20011009110700@coolass.net>
Reply-to: Chris Matta <chris@coolass.net>
In-reply-to: <20011005194148.A12229@linuxasylum.net>
References: <20011005194148.A12229@linuxasylum.net>

The very nature of syslog allows any system to log to it from a
machine that set it is a loghost, so while there may be a DOS to fill
up /var/log, its also a "feature" of syslogd.

-- 
 Chris                            mailto:chris@coolass.net


Friday, October 05, 2001, 1:41:48 PM, you wrote:

S> hi,
S> in these days there was a interesting thread about /dev/log  that has
S> 666 mode and some possible DOS that can be made by any user by just
S> printing random thrash with syslog(3) and fill up the /var/log 
S> without being traced .

S> one possible solution to that was to put /dev/log and to uid,gid syslog.syslog
S> and then add every daemon which wants to write on log on gid syslog too.

S> what do you think ?? Will debian reolve it ?

S> thanks
S> Samuele

Reply to:

References:
- /dev/log
  - From: Samu <samu@linuxasylum.net>

Prev by Date: Re: apache log entry
Next by Date: Strange files in / - possible security problem?
Previous by thread: Re: /dev/log
Next by thread: URGENT RESPONSE!
Index(es):
- Date
- Thread