Vulnerability Development: Re: /dev/urandom

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: /dev/urandom | logger "issue"

From: "Sarel J. Botha" <sjbotha () EMAIL COM>
Date: Mon, 28 Aug 2000 00:32:14 +0200

On Sun, Aug 27, 2000 at 02:48:57AM -0500, H D Moore wrote:

Even if you added user logging when the logger program is run, what
keeps someone from opening /dev/log and forging thier messages that way?


I'm not 100% on how syslog works. Does a daemon write to /dev/log or to a
unix socket to log?

If it only uses /dev/log then this problem can be easily fixed my system
administrators on their own machines. Just create a log group, make the
permissions on /dev/log 660 and add all daemons that are allowed to log to
the log group.

IMHO distributions should also have a policy enforcing this.

--
------------------
Sarel Botha
sjbotha () email com
------------------

99 little bugs in the code, 99 bugs in the code,
          fix one bug, compile it again...
          101 little bugs in the code....

By Date By Thread

Current thread:

Re: /dev/urandom | logger "issue", (continued)
- Re: /dev/urandom | logger "issue" Larry D'Anna (Aug 23)
  - Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 23)
  - Re: /dev/urandom | logger "issue" Alfonso De Gregorio (Aug 23)
  - Re: /dev/urandom | logger "issue" Matt Wilson (Aug 23)
  - Re: /dev/urandom | logger "issue" H D Moore (Aug 27)
    - Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 27)
    - Re: /dev/urandom | logger "issue" M ixter (Aug 28)
    - Re: /dev/urandom | logger "issue" Kev (Aug 28)