Date: Fri, 8 Jan 1999 17:09:50 +0100 From: Eivind Eklund <eivind@FreeBSD.ORG> To: Guido van Rooij <guido@gvr.org>, Vadim Kolontsov <vadim@tversu.ru>, Don Lewis <Don.Lewis@tsc.tdk.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: kernel/syslogd hack Message-ID: <19990108170950.L348@follo.net> In-Reply-To: <19990108165225.A1603@gvr.org>; from Guido van Rooij on Fri, Jan 08, 1999 at 04:52:25PM %2B0100 References: <vadim@tversu.ru> <199901060039.QAA13314@salsa.gv.tsc.tdk.com> <19990106094701.A28727@tversu.ru> <19990107214242.A1721@gvr.org> <19990108141005.F348@follo.net> <19990108165225.A1603@gvr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 08, 1999 at 04:52:25PM +0100, Guido van Rooij wrote: > On Fri, Jan 08, 1999 at 02:10:05PM +0100, Eivind Eklund wrote: > > I think we need to fix the interface here; forcing the client to 'give > > ID' is IMO bad for security (it is somewhat good for privacy, > > So make an option to syslogd: accept old style (unauthenticated) messages. > If you remove that option, only authenticated mesages will come through. > That way, you dont need to change the name of syslog(2) and you > still get all the desired functionality. I was thinking of re-writing the API for SS_CRED, not for syslog. This is somewhat bad for privacy, but it is extremely good for being able to track attacks. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990108170950.L348>