Vulnerability Development: Re: /dev/urandom | logger "issue"

[H D Moore <hdm () SECUREAUSTIN COM>]

Even if you added user logging when the logger program is run, what
keeps someone from opening /dev/log and forging thier messages that way?

SuSE 6.4:

srw-rw-rw-   1 root     root            0 Aug 26 15:12 /dev/log

-HD


Larry D'Anna wrote:
> * Vitaly McLain (twistah () DATASURGE NET) [000822 01:34]:
> > Hi,
> >
> > I know I'll probably wind up sounding like an idiot, but why is that on
> > Linux boxes normal users have so much access to /var/log/messages via
> > "logger"? Any user can do:
> >
> > cat /dev/urandom | logger &
> >
> > A couple of those will make "messages" look corrupted and fill up your
> > hard-drive. The worst part is lines like:
> > Aug 21 12:42:10 bizkit logger: I^[Ö)~z¼v*^Wf^D
> > Aug 21 12:42:10 bizkit logger: ^]"Àµ_®ý¼P^S¯,´yäOsñѾ+^_^B÷tL3#­^WmÓnåbÜ^OÝ
> >
> > Couldn't "logger" at least log which user sent this input to logger? It'd be
> > nice, otherwise it'd be hard to track down.