Date: Sun, 10 Oct 2004 01:29:52 +0400 From: Gleb Smirnoff <glebius@freebsd.org> To: Andrea Campi <andrea+freebsd_cvs@webcom.it> Cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/lib/libc/gen syslog.c Message-ID: <20041009212952.GA8922@cell.sick.ru> In-Reply-To: <20041009153916.GA2003@webcom.it> References: <200410082115.i98LFLMU034965@repoman.freebsd.org> <20041009153916.GA2003@webcom.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 09, 2004 at 05:39:17PM +0200, Andrea Campi wrote: A> Unless I'm missing something, this would make the calling application A> loop for an unbounded time (potentially forever), thus making the DoS A> even more effective. Personally, I've never thought of syslog as a A> reliable service, and I'm quite sure I prefer to lose messages but A> keep my apps running than the opposite. If an application needs a A> failsafe logging mechanism, chances are it will use something else A> anyway. Not forever. Actually this change can make applications work slower, when syslogd is DoSed. Anyway when an attacker is flooding syslog with messages your machine is _already_ slower, since syslogd consumes all CPU and IO resources. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041009212952.GA8922>