Date: Sat, 01 May 2010 21:55:02 -0700 From: Julian Elischer <julian@elischer.org> To: "M. Warner Losh" <imp@bsdimp.com> Cc: ed@80386.nl, freebsd-arch@freebsd.org, Alexander@Leidinger.net Subject: Re: [Extension] utmpx and LOGIN_FAILURE Message-ID: <4BDD05A6.1090709@elischer.org> In-Reply-To: <20100501.215023.353672579433532204.imp@bsdimp.com> References: <20100501203244.GT56080@hoeg.nl> <20100501205625.GB36980@server.vk2pj.dyndns.org> <20100501235846.GU56080@hoeg.nl> <20100501.215023.353672579433532204.imp@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/1/10 8:50 PM, M. Warner Losh wrote: > In message:<20100501235846.GU56080@hoeg.nl> > Ed Schouten<ed@80386.nl> writes: > : * Peter Jeremy<peterjeremy@acm.org> wrote: > :> On 2010-May-01 22:32:44 +0200, Ed Schouten<ed@80386.nl> wrote: > :> >* Alexander Leidinger<Alexander@Leidinger.net> wrote: > :> >> Does this default to on or off or is this always on? If the later: some > :> >> kind of a switch (no matter what the default is) would be highly > :> >> desired. > :> > > :> >What about adding a switch to last(1) to (un)hide the entries? > :> > :> That doesn't cover the DoS potential of logging this data in the > :> firstplace. > : > : So how is this covered right now? As far as I know, all of our existing > : login services write messages to /var/log/*. successful and unsuccessful attempts need to be in different files or an attacker can effectively flush the record of successful attempts by filling up the files with unsuccessful attempts. This is also a DOS method. > > newsyslog rotates those files when they get too big... > > Warner > _______________________________________________ > freebsd-arch@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BDD05A6.1090709>