Vulnerability Development: Re: /dev/urandom | logger "issue"

["Larry D'Anna" <larry () pink dhs org>]

* Vitaly McLain (twistah () DATASURGE NET) [000822 01:34]:
> Hi,
>
> I know I'll probably wind up sounding like an idiot, but why is that on
> Linux boxes normal users have so much access to /var/log/messages via
> "logger"? Any user can do:
>
> cat /dev/urandom | logger &
>
> A couple of those will make "messages" look corrupted and fill up your
> hard-drive. The worst part is lines like:
> Aug 21 12:42:10 bizkit logger: I^[Ö)~z¼v*^Wf^D
> Aug 21 12:42:10 bizkit logger: ^]"Àµ_®ý¼P^S¯,´yäOsñѾ+^_^B÷tL3#­^WmÓnåbÜ^OÝ
>
> Couldn't "logger" at least log which user sent this input to logger? It'd be
> nice, otherwise it'd be hard to track down.
Is it possible to get the uid of the process at the other end of a
unix domain socket?  If so then why not have syslogd get the uid and
record who logged each message?

        --larry