Vulnerability Development mailing list archives

Re: Possible syslogd DoS ?
From: "Crist J. Clark" <cristjc () earthlink net>
Date: Wed, 3 Oct 2001 23:10:33 -0700

On Wed, Oct 03, 2001 at 08:09:58PM +0200, Petr Baudis wrote:
> Hello,
>   I just recently came on a thought (thanks to Marek Jaros) of possible
> DoS of syslogd. It uses /dev/log for receiving log messages, which has
> mode 0666 on most linuxes. It should be ok, as many non-root applications
> should be allowed to log things etc.

[snip]

>   Discussion? Something I didn't take into account? Possible solutions?

To paraphrase an old quote, syslog is basically an unauthenticated
disk filling utility.

  #!/bin/sh

  while :; do

    logger "This is message one."
    logger "This is message two."

  done

On a system with untrusted users, you may need to do some special
configuration (change permissions on the log socket, make sure that
filling the partitions syslog writes to is not fatal, etc.).

This is a well known vulnerability of the syslog system, but is often
overlooked due to greater concerns over remote disk filling
possibilities.
-- 
Crist J. Clark                           cjclark () alum mit edu
                                         cjclark () jhu edu
                                         cjc () freebsd org
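
The two local mitigations named in the message above (permissions on the log socket, and keeping a full log partition from being fatal) can be checked with a short audit script. This is an added example, not part of the original post; the default paths /dev/log and /var/log and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): audit the two local
# mitigations the message names. Paths are assumptions: /dev/log is the
# socket from the thread, /var/log a common syslog target directory.

# True if an `ls -l` mode string (e.g. srw-rw-rw-) grants write to "other".
world_writable() {
    case $1 in
        ????????w*) return 0 ;;   # 9th character is the other-write bit
        *)          return 1 ;;
    esac
}

# Pure decision logic: takes the socket mode string and the mount points of
# the log directory and of /, prints findings, returns how many there were.
assess() {
    findings=0
    if world_writable "$1"; then
        echo "log socket is world-writable ($1): any local user can submit messages"
        findings=$((findings + 1))
    fi
    if [ "$2" = "$3" ]; then
        echo "logs share a filesystem with / ($2): filling the logs fills /"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Mount point holding a path, taken from POSIX `df -P` output (last column).
mount_of() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { print $NF }'
}

# Gather live values and assess them. Both arguments are optional overrides.
audit() {
    sock=${1:-/dev/log}
    logdir=${2:-/var/log}
    # -L follows a symlinked socket; the first ls field is the mode string.
    mode=$(ls -ldL "$sock" 2>/dev/null | awk '{ print $1 }')
    [ -n "$mode" ] || { echo "cannot stat $sock" >&2; return 3; }
    assess "$mode" "$(mount_of "$logdir")" "$(mount_of /)"
}
```

Source the file and call `audit` with no arguments, or pass a socket path and log directory; the return status is the number of findings (3 if the socket cannot be examined).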

