Re: Syslogkd: Security problem.

Subject: Re: Syslogkd: Security problem.
From: marc (marc@jade.cs.uct.ac.za)
Date: Tue Sep 19 2000 - 15:38:40 CEST

• sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: G.W. Wettstein: "Re: Next try: sysklogd 1.4"
• Previous message: Solar Designer: "Re: Next try: sysklogd 1.4"
• In reply to: Martin Schulze: "Re: Syslogkd: Security problem."
• Reply: marc: "Re: Syslogkd: Security problem."

> > I've already done "chmod o= /dev/log"
> > on my own system; I've not noticed any serious problem.
> >
> > Note that on Solaris, this is ALREADY the default, so portable programs
> > have to assume this anyway.
> >
> > I'm trying to avoid a Bugtraq notice before this has been fixed,
> > but that's clearly my next step.
>
> Go ahead, but don't get disappointed if you get flamed.
>
> For example:
>
> a news system does not run as root, thus could not log.
>
> a modern mail system does not run as root, thus could not log.
>
> programs using logger/perl/python to log often don't run as root, thus could not log.

Hi

If you would like to do decent access control, I think
you might find the SO_PEERCRED option useful. I am using it
for my project, an extended logging subsystem. See
http://jade.cs.uct.ac.za/idsa/

regards

marc

• Next message: G.W. Wettstein: "Re: Next try: sysklogd 1.4"
• Previous message: Solar Designer: "Re: Next try: sysklogd 1.4"
• In reply to: Martin Schulze: "Re: Syslogkd: Security problem."
• Reply: marc: "Re: Syslogkd: Security problem."

This archive was generated by hypermail 2b25 : Tue Sep 19 2000 - 15:34:06 CEST