Date: Fri, 21 Aug 1998 09:37:28 -0700 (PDT) From: dima@best.net (Dima Ruban) To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman) Cc: jkh@time.cdrom.com, security@FreeBSD.ORG Subject: Re: Scaring the bezeesus out of your system admin as a normal user: Message-ID: <199808211637.JAA25475@burka.rdy.com> In-Reply-To: <199808211204.IAA14546@khavrinen.lcs.mit.edu> from Garrett Wollman at "Aug 21, 1998 8: 4: 7 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman writes: > <<On Fri, 21 Aug 1998 00:02:54 -0700, "Jordan K. Hubbard" <jkh@time.cdrom.com> said: > > > % logger -p auth.notice -t su crackman to root on ttyp1 > > I'd suggest that /var/run/log should have 0600 permissions but that > > would certainly screw over a few of syslog(3)'s current users. > > > Hmmmm. No quick ideas here. :) > > It would be fairly simple for us to simply pass the user's credentials > along with the message, and then have syslogd differentiate. I don't think it will solve the problem. Sending log message doesn't require any special priveleges, so if you'll force logger to send user credentials, someone can simply write a program that will go around it. > > -GAWollman > > -- > Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same > wollman@lcs.mit.edu | O Siem / The fires of freedom > Opinions not those of| Dance in the burning flame > MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808211637.JAA25475>