Date: Fri, 8 Jan 1999 14:10:05 +0100 From: Eivind Eklund <eivind@FreeBSD.ORG> To: Guido van Rooij <guido@gvr.org>, Vadim Kolontsov <vadim@tversu.ru>, Don Lewis <Don.Lewis@tsc.tdk.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: kernel/syslogd hack Message-ID: <19990108141005.F348@follo.net> In-Reply-To: <19990107214242.A1721@gvr.org>; from Guido van Rooij on Thu, Jan 07, 1999 at 09:42:42PM %2B0100 References: <vadim@tversu.ru> <199901060039.QAA13314@salsa.gv.tsc.tdk.com> <19990106094701.A28727@tversu.ru> <19990107214242.A1721@gvr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 07, 1999 at 09:42:42PM +0100, Guido van Rooij wrote: > On Wed, Jan 06, 1999 at 09:47:01AM +0300, Vadim Kolontsov wrote: > > > > Who will rebuild all binary-only FreeBSD/Linux apps, available on the market? > > Not all of them use shared libraries. > > So..If you rewrite syslog(3) to sendmsg an SS_CRED message, you can rewrite > syslog to only log the (e)uid of the syslog(3)-caller when thi messages > is received. This way you would not break the older syslog-users. ... but you give anybody the ability to spoof messages by pretending to be an older caller. I think we need to fix the interface here; forcing the client to 'give ID' is IMO bad for security (it is somewhat good for privacy, though...) Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990108141005.F348>