Date: Sun, 17 Aug 2003 23:01:54 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Dan Nelson <dnelson@allantgroup.com> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: Fragments of kernel log text in "security run" message Message-ID: <20030818060154.GA70687@rot13.obsecurity.org> In-Reply-To: <20030818055019.GF2653@dan.emsphone.com> References: <v04210101bb65e6df4e60@[192.168.1.27]> <20030818052132.GA70374@rot13.obsecurity.org> <20030818055019.GF2653@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--opJtzjQTFsWo+cga Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 18, 2003 at 12:50:19AM -0500, Dan Nelson wrote: > > I get this as well on RELENG_4...I wish I knew why. Often it causes > > syslogd to log it at LOG_EMERG priority (=3Dspams every logged in user > > with the truncated message). >=20 > I think this happens after the kernel's message buffer starts rolling > over. The very first line in the dmesg output sometimes gets cut in > half, so diff prints it as a change block, and the security script > prints the "add" portion. Maybe the check_diff function should remove > the first line of the dmesg output before doing the diff? I guess I'm talking about a different problem, actually (syslogd), although I see the truncated security script mail as well. Kris --opJtzjQTFsWo+cga Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/QGvSWry0BWjoQKURAnIQAJ4mmR0PX5uUuOqw/xMkDYexuH8aQACg4usQ EQyeYqZE67tdylj//6Sk5i4= =KiC/ -----END PGP SIGNATURE----- --opJtzjQTFsWo+cga--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030818060154.GA70687>