Date: Wed, 06 Sep 1995 20:10:23 -0700 From: Bill Trost <trost@cloud.rain.com> To: freebsd-security@freebsd.org Subject: syslogd as root? Message-ID: <m0sqXM7-00004yC@cloud.rain.com> In-Reply-To: Your message of Wed, 06 Sep 1995 12:55:57 PDT. <199509061955.MAA12996@precipice.shockwave.com> References: <199509061955.MAA12996@precipice.shockwave.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul Traina writes: From: Bill Trost <trost@cloud.rain.com> Require that files specified in syslog.conf be writeable by user syslog, and put user syslog in group tty (to handle broadcasts to all users), and syslogd can setuid to syslog as soon as it has its sockets open. If your disk fills up, you want syslog to be able to operate until it goes to 110%. Unless you run as root or modify the kernel, you lose. Or unless you run tunefs on the partition(s) containing the log files (thereby allowing anyone to fill up the partition(s) syslog writes to -- as if they can't already). Nits aside, I can't decide whether letting syslogd "really" fill up the disk is a win or not. Certainly from a security standpoint (what was the name of this mailing list again? (-: ) there is little difference, given that syslogd is vulnerable to spam attacks. So -- why do I want syslogd to be capable of completely filling the disk?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m0sqXM7-00004yC>