Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: syslog/udp
From: proff () suburbia apana org au (Julian Assange)
Date: Thu, 24 Feb 1994 15:32:46 +1100 (EST)




The problem is that syslogd will accept any message from anywhere
on the net. If you have to accept messages from your local net,
this fix is not useful -- if you're only logging things on your
local machine (i.e. all programs logging are using syslog(3)),
then you can disable logging over UDP.

Even worse its only UDP packets, *very very* easy to forge
so that you cant even trust the IP address in them.

How can we, who are without source code, change this behavior?

You can get the Berkeley syslogd code, which is in all likelyhood
compatible with your current syslogd.

I'm afraid this is not the case.  To compile BSD's syslogd
code you will have to collect syslogd and rwalld sources and
will have to find (or rewrite your own) the daemon() call (I
assume this takes you off the tty and forks and has the parent
return).  Sun's syslogd has at least one feature that the BSD
version does not.  It doesnt open the syslog.conf for reading
directly but rather pipes it through the 'm4' macro processor
with the LOGHOST variable set if loghost's address is the same
as one of the machines net interfaces.  This allows you to use
the same syslog.conf file on loghost and non-loghost machines.
With BSD's syslog you would have to remove the if() lines in
the syslog.conf and make two seperate files.


my version of daemon():

void daemon()
{
        close(0);
        close(1);
        close(2);
        setsid();
        if (fork()) _exit(0);
}

- Julian.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault