From owner-freebsd-security Fri Aug 21 05:04:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA24321 for freebsd-security-outgoing; Fri, 21 Aug 1998 05:04:52 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA24304 for ; Fri, 21 Aug 1998 05:04:50 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id IAA14546; Fri, 21 Aug 1998 08:04:07 -0400 (EDT) (envelope-from wollman) Date: Fri, 21 Aug 1998 08:04:07 -0400 (EDT) From: Garrett Wollman Message-Id: <199808211204.IAA14546@khavrinen.lcs.mit.edu> To: "Jordan K. Hubbard" Cc: security@FreeBSD.ORG Subject: Scaring the bezeesus out of your system admin as a normal user: In-Reply-To: <29367.903682974@time.cdrom.com> References: <29367.903682974@time.cdrom.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > % logger -p auth.notice -t su crackman to root on ttyp1 > I'd suggest that /var/run/log should have 0600 permissions but that > would certainly screw over a few of syslog(3)'s current users. > Hmmmm. No quick ideas here. :) It would be fairly simple for us to simply pass the user's credentials along with the message, and then have syslogd differentiate. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message