Date: Wed, 6 Jan 1999 23:21:20 +1100 (EDT) From: Darren Reed <avalon@coombs.anu.edu.au> To: vadim@tversu.ru (Vadim Kolontsov) Cc: freebsd-security@FreeBSD.ORG Subject: Re: kernel/syslogd hack Message-ID: <199901061221.XAA25787@cheops.anu.edu.au> In-Reply-To: <19990106140415.B14924@tversu.ru> from "Vadim Kolontsov" at Jan 6, 99 02:04:15 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Vadim Kolontsov, sie said: > > Hi, > > On Wed, Jan 06, 1999 at 09:44:37PM +1100, Darren Reed wrote: > > > > > # mkdir /var/run/log.d > > > > # chmod 700 /var/run/log.d > > > > # ln -s /var/run/log.d/log /var/run/log > > > > # syslogd -p /var/run/log/log > > > > > > Sorry, I didn't understand you. In which cases would it help? > > > > The above stops non-root from sending syslog messages, locally. > > I understand it, but I didn't understand in which *real* cases > it can be useful? > > I can create "log" group and put all syslog()ing programs into it.. but I > still don't sure it's useful. Your initial concern was that using programs like logger(1), people could supply fake log messages. The above prevents that (if UDP is shut off also) from hapenning locally. Isn't that part of what you wanted to do ? Afterall, how many programs is Joe Bloggs likely to run that will generate syslog messages ? Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901061221.XAA25787>