From owner-freebsd-security Tue Jan 5 22:49:00 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA25347 for freebsd-security-outgoing; Tue, 5 Jan 1999 22:49:00 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from tversu.ru (mail.tversu.ru [62.76.80.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA25297 for ; Tue, 5 Jan 1999 22:48:35 -0800 (PST) (envelope-from vadim@gala.tversu.ru)
Received: from gala.tversu.ru (vadim@gala.tversu.ru [62.76.80.10]) by tversu.ru (8.8.8/8.8.8) with ESMTP id JAA18431; Wed, 6 Jan 1999 09:45:02 +0300 (MSK)
Received: (from vadim@localhost) by gala.tversu.ru (8.8.8/8.8.8) id JAA28745; Wed, 6 Jan 1999 09:47:01 +0300 (MSK)
Date: Wed, 6 Jan 1999 09:47:01 +0300
From: Vadim Kolontsov
To: Don Lewis
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack
Message-ID: <19990106094701.A28727@tversu.ru>
References: <199901060039.QAA13314@salsa.gv.tsc.tdk.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.94.15i
In-Reply-To: <199901060039.QAA13314@salsa.gv.tsc.tdk.com>; from Don Lewis on Tue, Jan 05, 1999 at 04:39:53PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

On Tue, Jan 05, 1999 at 04:39:53PM -0800, Don Lewis wrote:
> } Advantages: it doesn't require recompiling client applications or
> } shared libraries, it's completely transparent for clients, can be
>
> If you wanted to use SCM_CREDS, you'd need to tweak syslog() and rebuild
> the shared library. I don't think this is too much of a disadvantage.

Who will rebuild all the binary-only FreeBSD/Linux apps available on the
market? Not all of them use shared libraries. I would be happy, anyway, if
FreeBSD would use a more secure syslog..
> } used in other applications (I'm also thinking about some getpeeruid()
> } call for stream-based UNIX domain sockets -- I think it will just
> } walk through kernel structures (proc, p_fd, f_data, so_proto,
> } pr_domain..))
>
> What if there are multiple processes at the other end? If a process
> calls connect() and then fork(), the socket created by accept() in the
> server will have multiple peer processes.

Yes..

> } Of course this patch doesn't solve the problem with syslog/514 UDP. I
> } know it
>
> Someone has written a secure syslog protocol that uses encryption, etc.

It signs local logs and encrypts them during network transfer, but it does
nothing for the problem I've described -- the log socket (AF_UNIX) is
available to everyone and all information is trusted (correct me if I'm
wrong).

Regards,
V.

-- 
Vadim Kolontsov                                      Tver Internet Center NOC