Vulnerability Development mailing list archives

/dev/urandom | logger "issue"
From: Vitaly McLain <twistah () DATASURGE NET>
Date: Mon, 21 Aug 2000 13:10:18 -0500

Hi,

I know I'll probably wind up sounding like an idiot, but why is it that on
Linux boxes normal users have so much access to /var/log/messages via
"logger"? Any user can do:

cat /dev/urandom | logger &

A couple of those will make "messages" look corrupted and fill up your
hard-drive. The worst part is lines like:
Aug 21 12:42:10 bizkit logger: I^[Ö)~z¼v*^Wf^D
Aug 21 12:42:10 bizkit logger: ^]"Àµ_®ý¼P^S¯,´yäOsñѾ+^_^B÷tL3#­^WmÓnåbÜ^OÝ

Couldn't "logger" at least log which user sent this input to logger? It'd be
nice, otherwise it'd be hard to track down.

My setup is Slackware 7.0 with stock 2.2.13 kernel. Here is some info:

bizkit:~$ ls -al /dev/urandom
crw-r--r--   1 root     root       1,   9 Dec 11  1995 /dev/urandom
bizkit:~$ ls -al `which logger`
-rwxr-xr-x   1 root     bin          8228 Aug  1  1999 /usr/bin/logger*
bizkit:~$ uname -a
Linux bizkit 2.2.13 #61 Wed Oct 20 19:40:54 CDT 1999 i586 unknown
bizkit:~$

I've tried to test this behavior on other distributions of Linux (namely
Debian), but as they are not my machines, I couldn't see /var/log/messages.
Doing the command gave no errors, though.

I am betting this has to do with bad permissions on my /var/log/messages,
though I am sure I've seen this on other machines. What do you guys think?

UPDATE: I have just been informed this works on RedHat 6.2 and 6.1.

Vitaly McLain
twistah () datasurge net
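
An added example, not part of the original post: a small Python filter that flags bursts of binary-looking "logger" entries in a syslog file using the line format quoted above. The regexes, the `min_ratio` and `burst` thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Classic syslog line: "Mon DD HH:MM:SS host tag: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^:\s]+):\s?(.*)$")
# Control bytes appear in caret notation (^[ ^W ^D) in the quoted log lines
CARET_RE = re.compile(r"\^[@-_?]")

def garbage_ratio(msg):
    """Fraction of the message that is caret-escaped control bytes or non-ASCII."""
    if not msg:
        return 0.0
    carets = CARET_RE.findall(msg)
    rest = CARET_RE.sub("", msg)
    units = len(carets) + len(rest)  # each caret pair counts as one byte
    bad = len(carets) + sum(1 for c in rest if not (" " <= c <= "~"))
    return bad / units

def find_noise(lines, tag="logger", min_ratio=0.3, burst=2):
    """Return {(timestamp, host): count} for seconds with >= burst garbage lines."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        stamp, host, line_tag, msg = m.groups()
        # Ignore an optional "[pid]" suffix on the tag
        if line_tag.split("[")[0] == tag and garbage_ratio(msg) >= min_ratio:
            hits[(stamp, host)] += 1
    return {key: n for key, n in hits.items() if n >= burst}

# Constructed sample input in the style of the lines quoted in the post
SAMPLE = [
    "Aug 21 12:42:09 bizkit kernel: eth0: link up",
    "Aug 21 12:42:10 bizkit logger: I^[\u00d6)~z\u00bcv*^Wf^D",
    "Aug 21 12:42:10 bizkit logger: ^]\"\u00c0\u00b5_\u00ae\u00fd\u00bcP^S\u00af,\u00b4y",
    "Aug 21 12:42:11 bizkit logger: backup finished ok",
    "Aug 21 12:43:00 bizkit logger: ^A^B\u00ff",
]

if __name__ == "__main__":
    for (stamp, host), n in find_noise(SAMPLE).items():
        print(f"{stamp} {host}: {n} binary-looking logger lines")
```

The filter locates the affected host and time window; the log line itself still carries no user identity, which is the gap the post points out.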

