From owner-freebsd-security Fri Jan 8 05:10:44 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA21062 for freebsd-security-outgoing; Fri, 8 Jan 1999 05:10:44 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA21037 for ; Fri, 8 Jan 1999 05:10:37 -0800 (PST) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id OAA27286; Fri, 8 Jan 1999 14:10:06 +0100 (CET) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id OAA03732; Fri, 8 Jan 1999 14:10:06 +0100 (MET) Message-ID: <19990108141005.F348@follo.net> Date: Fri, 8 Jan 1999 14:10:05 +0100 From: Eivind Eklund To: Guido van Rooij , Vadim Kolontsov , Don Lewis Cc: freebsd-security@FreeBSD.ORG Subject: Re: kernel/syslogd hack References: <199901060039.QAA13314@salsa.gv.tsc.tdk.com> <19990106094701.A28727@tversu.ru> <19990107214242.A1721@gvr.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <19990107214242.A1721@gvr.org>; from Guido van Rooij on Thu, Jan 07, 1999 at 09:42:42PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jan 07, 1999 at 09:42:42PM +0100, Guido van Rooij wrote: > On Wed, Jan 06, 1999 at 09:47:01AM +0300, Vadim Kolontsov wrote: > > > > Who will rebuild all binary-only FreeBSD/Linux apps, available on the market? > > Not all of them use shared libraries. > > So..If you rewrite syslog(3) to sendmsg an SS_CRED message, you can rewrite > syslog to only log the (e)uid of the syslog(3)-caller when thi messages > is received. This way you would not break the older syslog-users. ... but you give anybody the ability to spoof messages by pretending to be an older caller. I think we need to fix the interface here; forcing the client to 'give ID' is IMO bad for security (it is somewhat good for privacy, though...) Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message