From owner-freebsd-security Fri Aug 21 09:38:23 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA29639 for freebsd-security-outgoing; Fri, 21 Aug 1998 09:38:23 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA29633 for ; Fri, 21 Aug 1998 09:38:20 -0700 (PDT) (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost) by burka.rdy.com (8.8.8/RDY&DVV) id JAA25475; Fri, 21 Aug 1998 09:37:28 -0700 (PDT)
Message-Id: <199808211637.JAA25475@burka.rdy.com>
Subject: Re: Scaring the bezeesus out of your system admin as a normal user:
In-Reply-To: <199808211204.IAA14546@khavrinen.lcs.mit.edu> from Garrett Wollman at "Aug 21, 1998 8: 4: 7 am"
To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman)
Date: Fri, 21 Aug 1998 09:37:28 -0700 (PDT)
Cc: jkh@time.cdrom.com, security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL45 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Garrett Wollman writes:
> < said:
>
> > % logger -p auth.notice -t su crackman to root on ttyp1
> > I'd suggest that /var/run/log should have 0600 permissions but that
> > would certainly screw over a few of syslog(3)'s current users.
>
> > Hmmmm. No quick ideas here. :)
>
> It would be fairly simple for us to simply pass the user's credentials
> along with the message, and then have syslogd differentiate.

I don't think it will solve the problem.
Sending a log message doesn't require any special privileges, so if you'll
force logger to send user credentials, someone can simply write a program
that will go around it.

>
> -GAWollman
>
> --
> Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
> wollman@lcs.mit.edu  | O Siem / The fires of freedom
> Opinions not those of| Dance in the burning flame
> MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

-- dima
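
A sketch of the credentials idea quoted above, added here as an example and not code from this thread or from FreeBSD's syslogd: the receiving end of a local datagram socket asks the kernel for each sender's uid and declines to trust a privileged tag such as `su` unless that uid is 0. It assumes Linux's `SO_PASSCRED`/`SCM_CREDENTIALS` interface; `PRIVILEGED_TAGS`, the function names and the sample message are constructed for illustration.

```python
import os
import re
import socket
import struct

UCRED = struct.Struct("3i")              # Linux struct ucred: pid, uid, gid
PRIVILEGED_TAGS = {"su", "login"}        # assumed policy: only uid 0 may log these
HEADER = re.compile(r"^(?:<\d+>)?(?:[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )?"
                    r"([^\s:\[]+)(?:\[\d+\])?:")

def open_log_pair():
    """Datagram socket pair standing in for syslogd's end of the log socket."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Ask the kernel to attach the sender's credentials to every datagram.
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    return rx, tx

def receive(rx):
    """Return (message, uid); uid comes from the kernel, not from the message."""
    data, ancdata, _flags, _addr = rx.recvmsg(2048, socket.CMSG_SPACE(UCRED.size))
    uid = None
    for level, kind, payload in ancdata:
        if level == socket.SOL_SOCKET and kind == socket.SCM_CREDENTIALS:
            _pid, uid, _gid = UCRED.unpack(payload[:UCRED.size])
    return data.decode("ascii", "replace"), uid

def classify(message, uid):
    """Return (tag, trusted): a privileged tag is trusted only from uid 0."""
    match = HEADER.match(message)
    tag = match.group(1) if match else None
    trusted = not (tag in PRIVILEGED_TAGS and uid != 0)
    return tag, trusted

def render(message, uid):
    """Line as it would be written to the log, with the sender's uid recorded."""
    _tag, trusted = classify(message, uid)
    body = re.sub(r"^<\d+>", "", message)
    note = "" if trusted else " [tag not verified]"
    return f"uid={uid}{note} {body}"

if __name__ == "__main__":
    rx, tx = open_log_pair()
    # Constructed sample: the thread's message as syslog(3) would frame it.
    tx.send(b"<37>Aug 21 09:37:28 su: crackman to root on ttyp1")
    msg, uid = receive(rx)
    print(render(msg, uid))
```

A message that arrives without credentials gets `uid=None` and is treated as untrusted for privileged tags, so the check fails closed.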