From owner-freebsd-security  Sun Jul 11  2: 1:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24])
	by hub.freebsd.org (Postfix) with ESMTP id 0FB2914D3D
	for <security@FreeBSD.ORG>; Sun, 11 Jul 1999 02:01:07 -0700 (PDT)
	(envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost)
	by cheops.anu.edu.au (8.9.1/8.9.1) id TAA01580;
	Sun, 11 Jul 1999 19:01:26 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <199907110901.TAA01580@cheops.anu.edu.au>
Subject: Re: Syslog alternatives?
To: imp@village.org (Warner Losh)
Date: Sun, 11 Jul 1999 19:01:25 +1000 (EST)
Cc: alla@sovlink.ru, security@FreeBSD.ORG
In-Reply-To: <199907091625.KAA20308@harmony.village.org> from "Warner Losh" at Jul 9, 99 10:25:55 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Warner Losh, sie said:
> 
> In message <37859B74.7528C158@sovlink.ru> Alla Bezroutchko writes:
> : Could someone explain me or point me to some resources that explain
> : why syslogd is bad?
> 
> By default, syslogd will accept messages from anybody.  DoS
> implications in doing that are ignored, so it remains vulnerable to a
> fill up the disk attack.  Secure switches make it less vulnerable.
> 
> I don't think that there is anything major enough wrong with syslogd
> to actually try to replace it.  If there are bad things that can
> happen when -s is specified, I'd sure like to know about them.

Think about the issues with fsync().

I'm looking at ways around it, but without threads, it isn't easy.

Darren


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message