From owner-freebsd-security Wed Sep 6 17:39:12 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.freebsd.org (8.6.11/8.6.6) id RAA00568 for security-outgoing; Wed, 6 Sep 1995 17:39:12 -0700
Received: from gate.sinica.edu.tw (gate.sinica.edu.tw [140.109.14.2]) by freefall.freebsd.org (8.6.11/8.6.6) with SMTP id RAA00549 for ; Wed, 6 Sep 1995 17:38:57 -0700
Received: by gate.sinica.edu.tw (5.x/SMI-SVR4) id AA27639; Thu, 7 Sep 1995 08:35:48 +0800
Date: Thu, 7 Sep 1995 08:35:48 +0800 (CST)
From: Brian Tao
To: Paul Traina
Cc: freebsd-security@freebsd.org
Subject: Re: Do we *really* need logger(1)?
In-Reply-To: <199509061955.MAA12996@precipice.shockwave.com>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: security-owner@freebsd.org
Precedence: bulk

On Wed, 6 Sep 1995, Paul Traina wrote:
>
> If your disk fills up, you want syslog to be able to operate until it goes to
> 110%. Unless you run as root or modify the kernel, you lose.

No, you want messages created by root-owned processes to fill your disk to 110% (not that it's a good thing in any case, especially if /var is the same filesystem as /).

What we need is credential checking in the syslog() call and syslogd daemon. I imagine any ISP that offers shell access and uses the default syslog.conf is susceptible to a prankster sending *.emerg level notices and getting syslogd to write "SYSTEM REBOOT, LOG OFF NOW!" to the ttys of every online user.

--
Brian ("Though this be madness, yet there is method in't") Tao
taob@gate.sinica.edu.tw <-- work ........ play --> taob@io.org
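
Added example, not part of the original message and not FreeBSD's syslogd code: a C sketch of the per-message credential check the message above asks for, as a syslogd-like daemon could apply it before acting on a priority. It assumes the sender's uid comes from kernel-supplied socket credentials; the cap-at-err policy and the names parse_pri and effective_pri are hypothetical.

```c
/* Added example, not FreeBSD code: per-message credential check for a
 * syslogd-like daemon. Policy and names are assumptions: senders other
 * than root may not log above LOG_ERR severity. */
#include <ctype.h>
#include <stdio.h>
#include <sys/types.h>

#define SEV_MASK    0x07  /* low 3 bits of PRI hold the severity */
#define SEV_ERR     3     /* emerg=0, alert=1, crit=2, err=3, ... */
#define PRI_MAX     191   /* 23 facilities * 8 + severity 7 */
#define PRI_DEFAULT 13    /* user.notice, used when the header is bad */

/* Parse the leading "<N>" of a syslog datagram. Returns PRI and points
 * *body past '>', or returns -1 when the header is malformed. */
int parse_pri(const char *msg, const char **body)
{
    int pri = 0, digits = 0;
    const char *p = msg;
    if (*p++ != '<') return -1;
    while (digits < 3 && isdigit((unsigned char)*p)) {
        pri = pri * 10 + (*p++ - '0');
        digits++;
    }
    if (digits == 0 || *p != '>' || pri > PRI_MAX) return -1;
    *body = p + 1;
    return pri;
}

/* PRI the daemon should act on. sender_uid is assumed to come from
 * kernel-supplied socket credentials, never from the message itself. */
int effective_pri(const char *msg, uid_t sender_uid, const char **body)
{
    int pri = parse_pri(msg, body);
    if (pri < 0) { *body = msg; return PRI_DEFAULT; }
    if (sender_uid != 0 && (pri & SEV_MASK) < SEV_ERR)
        pri = (pri & ~SEV_MASK) | SEV_ERR; /* keep facility, cap severity */
    return pri;
}

int main(void)
{
    const char *body; /* constructed sample: <8> is user.emerg */
    int pri = effective_pri("<8>SYSTEM REBOOT, LOG OFF NOW!", 1001, &body);
    printf("pri=%d body=%s\n", pri, body);
    return 0;
}
```

With this policy a *.emerg rule in syslog.conf only matches messages whose sender the kernel identified as root; the same message from uid 1001 is recorded as user.err.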