Date: Fri, 8 Jan 1999 16:52:25 +0100 From: Guido van Rooij <guido@gvr.org> To: Eivind Eklund <eivind@FreeBSD.ORG>, Vadim Kolontsov <vadim@tversu.ru>, Don Lewis <Don.Lewis@tsc.tdk.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: kernel/syslogd hack Message-ID: <19990108165225.A1603@gvr.org> In-Reply-To: <19990108141005.F348@follo.net>; from Eivind Eklund on Fri, Jan 08, 1999 at 02:10:05PM %2B0100 References: <vadim@tversu.ru> <199901060039.QAA13314@salsa.gv.tsc.tdk.com> <19990106094701.A28727@tversu.ru> <19990107214242.A1721@gvr.org> <19990108141005.F348@follo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 08, 1999 at 02:10:05PM +0100, Eivind Eklund wrote: > On Thu, Jan 07, 1999 at 09:42:42PM +0100, Guido van Rooij wrote: > > On Wed, Jan 06, 1999 at 09:47:01AM +0300, Vadim Kolontsov wrote: > > > > > > Who will rebuild all binary-only FreeBSD/Linux apps, available on the market? > > > Not all of them use shared libraries. > > > > So..If you rewrite syslog(3) to sendmsg an SS_CRED message, you can rewrite > > syslog to only log the (e)uid of the syslog(3)-caller when thi messages > > is received. This way you would not break the older syslog-users. > > ... but you give anybody the ability to spoof messages by pretending > to be an older caller. > > I think we need to fix the interface here; forcing the client to 'give > ID' is IMO bad for security (it is somewhat good for privacy, So make an option to syslogd: accept old style (unauthenticated) messages. If you remove that option, only authenticated mesages will come through. That way, you dont need to change the name of syslog(2) and you still get all the desired functionality. -Guido To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990108165225.A1603>