Subject: Re: Syslogkd: Security problem.
From: Martin Schulze (joey@finlandia.infodrom.north.de)
Date: Mon Sep 18 2000 - 16:04:43 CEST
David Wheeler wrote:
>
> > then many things won't be able to log anymore, thus not working
> > anymore. go ahead to scrunge your system.
>
> I've already done "chmod o= /dev/log"
> on my own system; I've not noticed any serious problem.
>
> Note that on Solaris, this is ALREADY the default, so portable programs
> have to assume this anyway.
>
> I'm trying to avoid a Bugtraq notice before this has been fixed,
> but that's clearly my next step.
Go ahead, but don't get disappointed if you get flamed.
For example:
a news system does not run as root, thus could not log.
a modern mail system does not run as root, thus could not log.
programs using logger/perl/python to log often don't run as root, thus could not log.
Regards,
Joey
-- No question is too silly to ask, but, of course, some are too silly to answer. -- Perl book Oldenburger LinuxTag 2000 http://oldenburger.linuxtage.de/
This archive was generated by hypermail 2b25 : Mon Sep 18 2000 - 16:04:44 CEST