Date: Wed, 7 Oct 1998 18:16:42 -0500 (CDT) From: Igor Roshchin <igor@physics.uiuc.edu> To: cschuber@uumail.gov.bc.ca Cc: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) Message-ID: <199810072316.SAA12861@alecto.physics.uiuc.edu> In-Reply-To: <199810071539.IAA01822@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group" at "Oct 7, 1998 8:39:34 am"
next in thread | previous in thread | raw e-mail | index | archive | help
>
> I've been caught by this many times. Add to the list Solaris, HP-UX,
> DEC UNIX, AIX, Linux, ...
>
> One would think that with every UN*X operating system having this
> "feature", syslogd's use of tabs instead of spaces would be common
> knowledge. Granted, a newbie would not know this, however I remember
> the first time I made this mistake I remembered not to make it again.
>
> On the other hand it could be argued that FreeBSD should a more
> tolerant syslogd. This would cause the FreeBSD syslogd to be
> incompatible with other syslogd's, meaning I could create a syslogd for
> my shop (Suns, Alphas, RS/6000's, DG boxes, HP boxes, Linux boxes, and
> FreeBSD boxes). If FreeBSD were to have a different syslogd I would
> not be able to copy my syslogd.conf or cat any additions to any
> syslogd.conf file. I would have one master file for FreeBSD and
> another for the other systems.
Not necessarily.
If the proposed changes would be made, they still would be backwards
compatible, i.e. the file just with the tabs would be alright,
while in addition to that, syslog will understand spaces (as field
separators) too.
>
> A syslogd.conf syntax checker (as mentioned in an earlier posting)
> might be a better solution. It could be run at boot or via cron and
> email its results to the sysadmin. This could be written as a small
> Perl script.
>
> That's my $0.02 worth.
>
>
> Regards, Phone: (250)387-8437
> Cy Schubert Fax: (250)387-5766
> Open Systems Group Internet: cschuber@uumail.gov.bc.ca
> ITSD Cy.Schubert@gems8.gov.bc.ca
> Government of BC
>
Sorry, if I am missing something in this discussion,
but so far this problem seems to be obvious:
_IF_ the internal structure of the syslogd allows to use both
spaces and tabs as field separators, (^1)
then, since there is no external contradiction (^2)
this can (and probably should) be implemented.
(The backward compatibility is preserved).
Comments:
--------
^1: i.e. it doesn't conflict with any of the syslogd internals -
one should make some kind of "sanity check".
^2: The use of the spaces as the field separator
was not found to contradict to the logic of syslog.conf:
- there are just 2 fields on each line of syslog.conf
- if used for other needs, spaces do not appear in the left hand side
of the syslog.conf, but just in the second field.
(whether that is important or not, but the only (?) case when it occurs,
is when the pipe ("|") symbol is the first one in the second field.)
- if the dual use of spaces (as the field separator, and as argument
separator in the 2nd field) is troublesome for some reason (which I hope not),
the second field an be put in quote marks
(though if possible, this should not be implemented - to keep the things
simple.)
Again, sorry, if I have missed some important point.
Igor
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810072316.SAA12861>