From owner-freebsd-security Wed Sep 6 12:57:10 1995
Message-Id: <199509061955.MAA12996@precipice.shockwave.com>
To: Bill Trost
Cc: Brian Tao, freebsd-security@freebsd.org
Subject: Re: Do we *really* need logger(1)?
In-reply-to: Your message of "Wed, 06 Sep 1995 11:29:20 PDT."
Date: Wed, 06 Sep 1995 12:55:57 -0700
From: Paul Traina
Sender: security-owner@freebsd.org

  From: Bill Trost
  Subject: Re: Do we *really* need logger(1)?

  Brian Tao writes:
      it dawned on me that logger(1) could be a hacker's dream.

  Logger requires no special permissions to run; anyone can run such a
  program. Better yet, anyone could run such a program anywhere on the
  Internet, so syslogd(8) can also be used as a remote disk-filling
  service. (And, since it's UDP-based, you can't tcp-wrap it...).

  Since syslogd runs as root....

  Gads, why? Require that files specified in syslog.conf be writeable by
  user syslog, and put user syslog in group tty (to handle broadcasts to
  all users), and syslogd can setuid to syslog as soon as it has its
  sockets open. All these root-level daemons floating around is a
  disaster waiting to happen. Certainly something as simple as syslog
  doesn't need that kind of privilege.

Bzzzt. If your disk fills up, you want syslog to be able to operate until
it goes to 110%. Unless you run as root or modify the kernel, you lose.
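
The ordering Bill Trost proposes in the quoted message (open the sockets while privileged, then setuid to an unprivileged user), shown in C as an added example that is not part of the original thread and is not syslogd's source. The function names, the ephemeral loopback port and the test datagram are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* exposes setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1, still privileged: bind the UDP socket. A real syslogd binds port 514,
 * which needs root; port 0 (ephemeral, loopback) keeps this demo unprivileged. */
int open_log_socket(unsigned short port)
{
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: switch to uid/gid for good. Groups go first: after setuid() the
 * process would no longer be allowed to change them. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) < 0)
        return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    if (uid != 0 && setuid(0) == 0) /* regaining root must fail */
        return -1;
    return 0;
}

/* Step 3: the socket opened in step 1 keeps working after the drop.
 * Sends a constructed test datagram to ourselves; returns bytes received. */
int socket_still_works(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    char buf[64];
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    if (sendto(fd, "<13>test", 8, 0, (struct sockaddr *)&sa, len) != 8)
        return -1;
    return (int)recv(fd, buf, sizeof buf, 0);
}
```

Paul Traina's objection applies to exactly this pattern: once drop_privileges() has succeeded the process is no longer root, which is the case he says loses when the disk fills up.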