From owner-freebsd-security  Thu Jan  7 12:45:20 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA03514
          for freebsd-security-outgoing; Thu, 7 Jan 1999 12:45:20 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gvr.gvr.org (gvr.gvr.org [194.151.74.97])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA03502
          for <freebsd-security@FreeBSD.ORG>; Thu, 7 Jan 1999 12:45:06 -0800 (PST)
          (envelope-from guido@gvr.org)
Received: (from guido@localhost)
	by gvr.gvr.org (8.8.8/8.8.5) id VAA01748;
	Thu, 7 Jan 1999 21:42:42 +0100 (MET)
Message-ID: <19990107214242.A1721@gvr.org>
Date: Thu, 7 Jan 1999 21:42:42 +0100
From: Guido van Rooij <guido@gvr.org>
To: Vadim Kolontsov <vadim@tversu.ru>, Don Lewis <Don.Lewis@tsc.tdk.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack
References: <vadim@tversu.ru> <199901060039.QAA13314@salsa.gv.tsc.tdk.com> <19990106094701.A28727@tversu.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19990106094701.A28727@tversu.ru>; from Vadim Kolontsov on Wed, Jan 06, 1999 at 09:47:01AM +0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Jan 06, 1999 at 09:47:01AM +0300, Vadim Kolontsov wrote:
> 
>   Who will rebuild all binary-only FreeBSD/Linux apps, available on the market?
> Not all of them use shared libraries.

So..If you rewrite syslog(3) to sendmsg an SS_CRED message, you can rewrite
syslog to only log the (e)uid of the syslog(3)-caller when thi messages
is received. This way you would not break the older syslog-users.

-Guido

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message