Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 06 Sep 1995 20:10:23 -0700
From:      Bill Trost <trost@cloud.rain.com>
To:        freebsd-security@freebsd.org
Subject:   syslogd as root?
Message-ID:  <m0sqXM7-00004yC@cloud.rain.com>
In-Reply-To: Your message of Wed, 06 Sep 1995 12:55:57 PDT. <199509061955.MAA12996@precipice.shockwave.com> 
References:  <199509061955.MAA12996@precipice.shockwave.com> 

next in thread | previous in thread | raw e-mail | index | archive | help
Paul Traina writes:
      From: Bill Trost <trost@cloud.rain.com>

      Require that files specified in syslog.conf be writeable
      by user syslog, and put user syslog in group tty (to handle broadcasts
      to all users), and syslogd can setuid to syslog as soon as it has its
      sockets open.

    If your disk fills up, you want syslog to be able to operate until
    it goes to 110%.  Unless you run as root or modify the kernel, you
    lose.

Or unless you run tunefs on the partition(s) containing the log files
(thereby allowing anyone to fill up the partition(s) syslog writes to
-- as if they can't already).

Nits aside, I can't decide whether letting syslogd "really" fill up
the disk is a win or not.  Certainly from a security standpoint (what
was the name of this mailing list again?  (-:  ) there is little
difference, given that syslogd is vulnerable to spam attacks.

So -- why do I want syslogd to be capable of completely filling the disk?



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m0sqXM7-00004yC>