Date: Sat, 22 Aug 1998 09:07:20 -0400 (EDT)
From: Robert Watson
To: Dima Ruban
cc: Garrett Wollman, jkh@time.cdrom.com, security@FreeBSD.ORG
Subject: Re: Scaring the bezeesus out of your system admin as a normal user:
In-Reply-To: <199808211637.JAA25475@burka.rdy.com>

On Fri, 21 Aug 1998, Dima Ruban wrote:

> Garrett Wollman writes:
> > < said:
> >
> > > % logger -p auth.notice -t su crackman to root on ttyp1
> > > I'd suggest that /var/run/log should have 0600 permissions but that
> > > would certainly screw over a few of syslog(3)'s current users.
> > >
> > > Hmmmm. No quick ideas here. :)
> >
> > It would be fairly simple for us to simply pass the user's credentials
> > along with the message, and then have syslogd differentiate.
>
> I don't think it will solve the problem. Sending log message doesn't require
> any special privileges, so if you'll force logger to send user credentials,
> someone can simply write a program that will go around it.

It would solve the problem if you *required* that credentials be passed
with log messages before accepting them. Add credential passing to the
syslog library, etc.

  Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/
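
The receiver-side check discussed in this thread, as an added example that is not part of the original message and not FreeBSD's syslogd code. It assumes Linux's SO_PASSCRED / SCM_CREDENTIALS as a stand-in for credential passing on the log socket (the kernel fills in the sender's uid, so a custom client cannot omit or forge it); the function names and the auth-facility policy in accept() are hypothetical.

```python
import socket
import struct

UCRED = struct.Struct("3i")   # Linux struct ucred: pid, uid, gid
RESTRICTED = {4, 10}          # auth and authpriv facility numbers

def open_log_socket():
    """Connected AF_UNIX datagram pair standing in for syslogd's log socket."""
    receiver, sender = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Ask the kernel to attach the sender's pid/uid/gid to every datagram.
    receiver.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    return receiver, sender

def receive(receiver):
    """Return (uid, text) for one datagram, or None if it carried no credentials."""
    data, ancdata, _flags, _addr = receiver.recvmsg(
        1024, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            _pid, uid, _gid = UCRED.unpack(cdata[:UCRED.size])
            return uid, data.decode("utf-8", "replace")
    return None

def facility(text):
    """Facility number from a leading <PRI> field, or None if malformed."""
    if text.startswith("<") and ">" in text[1:5]:
        pri = text[1:text.index(">")]
        if pri.isdigit():
            return int(pri) >> 3
    return None

def accept(uid, text):
    """Hypothetical policy: only uid 0 may log to auth/authpriv; every
    accepted line is tagged with the kernel-reported sender uid."""
    fac = facility(text)
    if fac is None or (fac in RESTRICTED and uid != 0):
        return None
    return "[uid %d] %s" % (uid, text[text.index(">") + 1:])

def demo():
    """Send the forged line from the thread through the socket (constructed input)."""
    receiver, sender = open_log_socket()
    with receiver, sender:
        sender.send(b"<37>su: crackman to root on ttyp1")   # auth.notice = 4*8+5
        got = receive(receiver)
        return got, (accept(*got) if got else None)

if __name__ == "__main__":
    print(demo())
```

Run as an ordinary user, demo() reports the caller's own uid alongside the forged "su" line and accept() drops it; the same line is only written when the kernel-reported uid is 0.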