From owner-freebsd-security Wed Jan 6 03:22:00 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA28456 for freebsd-security-outgoing; Wed, 6 Jan 1999 03:22:00 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.149.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA28442 for ; Wed, 6 Jan 1999 03:21:57 -0800 (PST) (envelope-from avalon@cheops.anu.edu.au) Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id WAA25076; Wed, 6 Jan 1999 22:18:30 +1100 (EDT) From: Darren Reed Message-Id: <199901061118.WAA25076@cheops.anu.edu.au> Subject: Re: kernel/syslogd hack To: vadim@tversu.ru (Vadim Kolontsov) Date: Wed, 6 Jan 1999 22:18:30 +1100 (EDT) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <19990106140415.B14924@tversu.ru> from "Vadim Kolontsov" at Jan 6, 99 02:04:15 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Vadim Kolontsov, sie said: > > Hi, > > On Wed, Jan 06, 1999 at 09:44:37PM +1100, Darren Reed wrote: > > > > > # mkdir /var/run/log.d > > > > # chmod 700 /var/run/log.d > > > > # ln -s /var/run/log.d/log /var/run/log > > > > # syslogd -p /var/run/log/log > > > > > > Sorry, I didn't understand you. In which cases would it help? > > > > The above stops non-root from sending syslog messages, locally. > > I understand it, but I didn't understand in which *real* cases > it can be useful? > > I can create "log" group and put all syslog()ing programs into it.. but I > still don't sure it's useful. The idea is that unless your privilidge group is compromised, then you should not be exposed to fake syslog messages generated by normal users. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message