|
Vulnerability Development
mailing list archives
Re: /dev/urandom | logger "issue"
From: Matt Wilson <msw () REDHAT COM>
Date: Tue, 22 Aug 2000 09:57:26 -0400
On Mon, Aug 21, 2000 at 01:10:18PM -0500, Vitaly McLain wrote:
Hi,
I know I'll probably wind up sounding like an idiot, but why is that on
Linux boxes normal users have so much access to /var/log/messages via
"logger"? Any user can do:
Yes, and any user could also do:
#include <syslog.h>
int main(void)
{
char buf[1000];
read (0, &buf, sizeof(buf) - 1);
openlog("foobar", 0, LOG_USER);
syslog (LOG_NOTICE, "%s", buf);
closelog();
}
I am betting this has to do with bad permissions on my /var/log/messages,
though I am sure I've seen this on other machines. What do you guys think?
No, this has nothing to do with the permissions on /var/log/messages.
The messages are posted via the syslog facility. As long as syslog is
running you'll be able to send messages via syslog.
To deny any process from using syslog(3) would mean quite a bit of
work for non-root-running daemons to write genuine messages via
syslog.
Matt
 By Date 
By Thread
Current thread:
| 
Intro
