Subject: Re: Syslogkd: Security problem.
From: marc (marc@jade.cs.uct.ac.za)
Date: Tue Sep 19 2000 - 15:38:40 CEST
> > I've already done "chmod o= /dev/log"
> > on my own system; I've not noticed any serious problem.
> >
> > Note that on Solaris, this is ALREADY the default, so portable programs
> > have to assume this anyway.
> >
> > I'm trying to avoid a Bugtraq notice before this has been fixed,
> > but that's clearly my next step.
>
> Go ahead, but don't get disappointed if you get flamed.
>
> For example:
>
> a news system does not run as root, thus could not log.
>
> a modern mail system does not run as root, thus could not log.
>
> programs using logger/perl/python to log often don't run as root, thus could not log.
Hi
If you would like to do decent access control, I think
you might find the SO_PEERCRED option useful. I am using it
for my project, an extended logging subsystem. See
http://jade.cs.uct.ac.za/idsa/
regards
marc
This archive was generated by hypermail 2b25 : Tue Sep 19 2000 - 15:34:06 CEST