From owner-freebsd-security Wed Oct 7 16:17:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA19421 for freebsd-security-outgoing; Wed, 7 Oct 1998 16:17:07 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [130.126.8.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA19385 for ; Wed, 7 Oct 1998 16:16:53 -0700 (PDT) (envelope-from igor@alecto.physics.uiuc.edu) Received: (from igor@localhost) by alecto.physics.uiuc.edu (8.9.0/8.9.0) id SAA12861; Wed, 7 Oct 1998 18:16:42 -0500 (CDT) From: Igor Roshchin Message-Id: <199810072316.SAA12861@alecto.physics.uiuc.edu> Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <199810071539.IAA01822@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group" at "Oct 7, 1998 8:39:34 am" To: cschuber@uumail.gov.bc.ca Date: Wed, 7 Oct 1998 18:16:42 -0500 (CDT) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > I've been caught by this many times. Add to the list Solaris, HP-UX, > DEC UNIX, AIX, Linux, ... > > One would think that with every UN*X operating system having this > "feature", syslogd's use of tabs instead of spaces would be common > knowledge. Granted, a newbie would not know this, however I remember > the first time I made this mistake I remembered not to make it again. > > On the other hand it could be argued that FreeBSD should a more > tolerant syslogd. This would cause the FreeBSD syslogd to be > incompatible with other syslogd's, meaning I could create a syslogd for > my shop (Suns, Alphas, RS/6000's, DG boxes, HP boxes, Linux boxes, and > FreeBSD boxes). If FreeBSD were to have a different syslogd I would > not be able to copy my syslogd.conf or cat any additions to any > syslogd.conf file. I would have one master file for FreeBSD and > another for the other systems. Not necessarily. If the proposed changes would be made, they still would be backwards compatible, i.e. the file just with the tabs would be alright, while in addition to that, syslog will understand spaces (as field separators) too. > > A syslogd.conf syntax checker (as mentioned in an earlier posting) > might be a better solution. It could be run at boot or via cron and > email its results to the sysadmin. This could be written as a small > Perl script. > > That's my $0.02 worth. > > > Regards, Phone: (250)387-8437 > Cy Schubert Fax: (250)387-5766 > Open Systems Group Internet: cschuber@uumail.gov.bc.ca > ITSD Cy.Schubert@gems8.gov.bc.ca > Government of BC > Sorry, if I am missing something in this discussion, but so far this problem seems to be obvious: _IF_ the internal structure of the syslogd allows to use both spaces and tabs as field separators, (^1) then, since there is no external contradiction (^2) this can (and probably should) be implemented. (The backward compatibility is preserved). Comments: -------- ^1: i.e. it doesn't conflict with any of the syslogd internals - one should make some kind of "sanity check". ^2: The use of the spaces as the field separator was not found to contradict to the logic of syslog.conf: - there are just 2 fields on each line of syslog.conf - if used for other needs, spaces do not appear in the left hand side of the syslog.conf, but just in the second field. (whether that is important or not, but the only (?) case when it occurs, is when the pipe ("|") symbol is the first one in the second field.) - if the dual use of spaces (as the field separator, and as argument separator in the 2nd field) is troublesome for some reason (which I hope not), the second field an be put in quote marks (though if possible, this should not be implemented - to keep the things simple.) Again, sorry, if I have missed some important point. Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message