Date: Tue, 12 Mar 2002 22:26:06 +0100
From: "Rogier R. Mulhuijzen"
To: Giorgos Keramidas
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: logging securelevel violations
Message-Id: <5.1.0.14.0.20020312222347.01c3b080@mail.drwilco.net>
In-Reply-To: <20020312140732.GC955@hades.hell.gr>

At 16:07 12-3-2002 +0200, Giorgos Keramidas wrote:
>On 2002-03-12 08:29, Rogier R. Mulhuijzen wrote:
> > At 02:36 12-3-2002 +0200, Giorgos Keramidas wrote:
> > >Rate limiting is still needed:
> > >
> > >     while true ;do
> > >         echo "" > /dev/ad0
> > >         echo "" > /dev/ad1
> > >     done
> > >
> > >This would cause syslogd to go nuts!
> >
> > crw-r-----  2 root  operator  116, 0x00010002 Jan 20 03:13 /dev/ad0
> >
> > Only if you're root.
>
>Well, you get the idea.  I meant that syslog will catch the repetitive
>messages, only if no other messages are sent between the two or more lines
>that match :-(

What I meant is, the file permissions on /dev/ad0 stop ordinary users from
even reaching the point where the secure level denies the attempt. And so
only root can actually trigger the secure level violation log message. So
it cannot be used to maliciously fill the logs. Unless someone has root, and
then you have bigger problems.

        Doc
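The point raised in the quoted exchange, that collapsing repeated lines only helps when identical messages are adjacent, can be seen in a small model. This is an added example, not code from the thread or from FreeBSD; the message text, the `struct event` layout and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

struct event { long sec; const char *msg; };

/* Constructed sample (message text is hypothetical): root running the
 * quoted loop, alternating between two devices within two seconds. */
static const struct event sample[] = {
    {0, "securelevel: write to ad0 denied"}, {0, "securelevel: write to ad1 denied"},
    {0, "securelevel: write to ad0 denied"}, {0, "securelevel: write to ad1 denied"},
    {1, "securelevel: write to ad0 denied"}, {1, "securelevel: write to ad1 denied"},
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Suppression of repeats: a line is dropped only when it is identical to
 * the line immediately before it. Returns the number of lines written. */
static int written_with_repeat_suppression(const struct event *ev, size_t n)
{
    int written = 0;
    for (size_t i = 0; i < n; i++)
        if (i == 0 || strcmp(ev[i - 1].msg, ev[i].msg) != 0)
            written++;
    return written;
}

/* Rate limit at the source: at most max_per_sec messages in any one
 * second, regardless of text. Returns lines written; *dropped gets the
 * number withheld (a real logger would report that count once). */
static int written_with_rate_limit(const struct event *ev, size_t n,
                                   int max_per_sec, int *dropped)
{
    long cur_sec = -1;
    int in_sec = 0, written = 0;
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        if (ev[i].sec != cur_sec) { cur_sec = ev[i].sec; in_sec = 0; }
        if (in_sec++ < max_per_sec) written++;
        else (*dropped)++;
    }
    return written;
}

int main(void)
{
    int dropped;
    int limited = written_with_rate_limit(sample, NSAMPLE, 1, &dropped);
    printf("repeat suppression: %d of %zu lines written\n",
           written_with_repeat_suppression(sample, NSAMPLE), NSAMPLE);
    printf("rate limit 1/sec:   %d written, %d dropped\n", limited, dropped);
    return 0;
}
```

With the alternating input, repeat suppression writes every line, while the per-second cap bounds log growth no matter how the messages interleave.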