Date: Wed, 6 Jan 1999 22:18:30 +1100 (EDT) From: Darren Reed <avalon@coombs.anu.edu.au> To: vadim@tversu.ru (Vadim Kolontsov) Cc: freebsd-security@FreeBSD.ORG Subject: Re: kernel/syslogd hack Message-ID: <199901061118.WAA25076@cheops.anu.edu.au> In-Reply-To: <19990106140415.B14924@tversu.ru> from "Vadim Kolontsov" at Jan 6, 99 02:04:15 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Vadim Kolontsov, sie said: > > Hi, > > On Wed, Jan 06, 1999 at 09:44:37PM +1100, Darren Reed wrote: > > > > > # mkdir /var/run/log.d > > > > # chmod 700 /var/run/log.d > > > > # ln -s /var/run/log.d/log /var/run/log > > > > # syslogd -p /var/run/log/log > > > > > > Sorry, I didn't understand you. In which cases would it help? > > > > The above stops non-root from sending syslog messages, locally. > > I understand it, but I didn't understand in which *real* cases > it can be useful? > > I can create "log" group and put all syslog()ing programs into it.. but I > still don't sure it's useful. The idea is that unless your privilidge group is compromised, then you should not be exposed to fake syslog messages generated by normal users. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901061118.WAA25076>