From owner-freebsd-security  Fri Jan  8 07:53:15 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA09623
          for freebsd-security-outgoing; Fri, 8 Jan 1999 07:53:15 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gvr.gvr.org (gvr.gvr.org [194.151.74.97])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA09609;
          Fri, 8 Jan 1999 07:52:57 -0800 (PST)
          (envelope-from guido@gvr.org)
Received: (from guido@localhost)
	by gvr.gvr.org (8.8.8/8.8.5) id QAA01613;
	Fri, 8 Jan 1999 16:52:25 +0100 (MET)
Message-ID: <19990108165225.A1603@gvr.org>
Date: Fri, 8 Jan 1999 16:52:25 +0100
From: Guido van Rooij <guido@gvr.org>
To: Eivind Eklund <eivind@FreeBSD.ORG>, Vadim Kolontsov <vadim@tversu.ru>,
        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack
References: <vadim@tversu.ru> <199901060039.QAA13314@salsa.gv.tsc.tdk.com> <19990106094701.A28727@tversu.ru> <19990107214242.A1721@gvr.org> <19990108141005.F348@follo.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19990108141005.F348@follo.net>; from Eivind Eklund on Fri, Jan 08, 1999 at 02:10:05PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Jan 08, 1999 at 02:10:05PM +0100, Eivind Eklund wrote:
> On Thu, Jan 07, 1999 at 09:42:42PM +0100, Guido van Rooij wrote:
> > On Wed, Jan 06, 1999 at 09:47:01AM +0300, Vadim Kolontsov wrote:
> > > 
> > >   Who will rebuild all binary-only FreeBSD/Linux apps, available on the market?
> > > Not all of them use shared libraries.
> > 
> > So..If you rewrite syslog(3) to sendmsg an SS_CRED message, you can rewrite
> > syslog to only log the (e)uid of the syslog(3)-caller when thi messages
> > is received. This way you would not break the older syslog-users.
> 
> ... but you give anybody the ability to spoof messages by pretending
> to be an older caller.
> 
> I think we need to fix the interface here; forcing the client to 'give
> ID' is IMO bad for security (it is somewhat good for privacy,

So make an option to syslogd: accept old style (unauthenticated) messages.
If you remove that option, only authenticated mesages will come through.
That way, you dont need to change the name of syslog(2) and you
still get all the desired functionality. 

-Guido

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message