From owner-cvs-src@FreeBSD.ORG Sun Oct 10 11:08:45 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 43B5416A4CE; Sun, 10 Oct 2004 11:08:45 +0000 (GMT) Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by mx1.FreeBSD.org (Postfix) with SMTP id C8B6543D2D; Sun, 10 Oct 2004 11:08:43 +0000 (GMT) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 10 Oct 2004 12:08:42 +0100 (BST) Date: Sun, 10 Oct 2004 12:08:42 +0100 From: David Malone To: Gleb Smirnoff Message-ID: <20041010110842.GA16446@walton.maths.tcd.ie> References: <200410082115.i98LFLMU034965@repoman.freebsd.org> <20041009153916.GA2003@webcom.it> <20041009212952.GA8922@cell.sick.ru> <200410082115.i98LFLMU034965@repoman.freebsd.org> <20041009153916.GA2003@webcom.it> <20041009190714.GB1093@green.homeunix.org> <20041010072205.GA1617@webcom.it> <20041010101612.GB11523@cell.sick.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041010101612.GB11523@cell.sick.ru> User-Agent: Mutt/1.5.6i Sender: dwmalone@maths.tcd.ie cc: Andrea Campi cc: Brian Fundakowski Feldman cc: src-committers@freebsd.org cc: cvs-all@freebsd.org cc: cvs-src@freebsd.org Subject: Re: cvs commit: src/lib/libc/gen syslog.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Oct 2004 11:08:45 -0000 On Sun, Oct 10, 2004 at 02:16:12PM +0400, Gleb Smirnoff wrote: [Sorry - I sent Gleb feedback on this earlier this week but I've been busy and so didn't have a chance to follow up on it properly.] > 1. Not forever. If syslogd has hung (as opposed to being busy), it will wait forever. Try "killall -STOP syslogd" and then logging a bundle of messages. With the old situation other services continue to run, with the new situation every program that calls syslog(3) end up stuck. > 3. If /var/run/log is overflowed that means that your machine is already > slowed down by syslogd process and its IO. Your application is already > not doing its best. > Better have consistent logs later to investigate that DoS. An attacker > may trigger that DoS intentionally to hide some messages, which will > be logged if syslogd is not overflowed. This can happen in situations other than DoSs. Previously there have been situations where syslogd hangs if a serial console becomes confused or because of a coding error. This change makes it impossible to su and fix the problem. IMHO, this is worse than loosing syslog messages. (I guess if someone can log enough messages to the syslog socket to cause ENOBUFS, they can also log enough messages to fill up /var and have syslogd stop logging because the disk is full.) David.