From: Darren Reed
Message-Id: <199901061221.XAA25787@cheops.anu.edu.au>
Subject: Re: kernel/syslogd hack
To: vadim@tversu.ru (Vadim Kolontsov)
Date: Wed, 6 Jan 1999 23:21:20 +1100 (EDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <19990106140415.B14924@tversu.ru> from "Vadim Kolontsov" at Jan 6, 99 02:04:15 pm

In some mail from Vadim Kolontsov, sie said:
>
> Hi,
>
> On Wed, Jan 06, 1999 at 09:44:37PM +1100, Darren Reed wrote:
>
> > > > # mkdir /var/run/log.d
> > > > # chmod 700 /var/run/log.d
> > > > # ln -s /var/run/log.d/log /var/run/log
> > > > # syslogd -p /var/run/log.d/log
> > >
> > > Sorry, I didn't understand you. In which cases would it help?
> >
> > The above stops non-root from sending syslog messages, locally.
>
> I understand it, but I didn't understand in which *real* cases
> it can be useful?
>
> I can create a "log" group and put all syslog()ing programs into it.. but I'm
> still not sure it's useful.

Your initial concern was that using programs like logger(1), people could
supply fake log messages. The above prevents that (if UDP is shut off also)
from happening locally. Isn't that part of what you wanted to do?

After all, how many programs is Joe Bloggs likely to run that will generate
syslog messages?

Darren
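
The directory-permission approach discussed in this message can be checked mechanically. The following is an added example, not part of the original email: a portable sh script that reports which class of users can reach a socket path through its parent directories. The function names, the temporary layout and the plain file standing in for the socket are constructed for illustration; the check reads mode bits only and ignores ACLs.

```shell
#!/bin/sh
# Added example, not from the original thread.

# class_of_dir DIR: widest class ("other", "group", "owner") holding the
# search (x) bit on DIR, read from the ls -ld mode string (BSD and Linux).
class_of_dir() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $(printf '%s' "$mode" | cut -c10) in x|t) echo other; return ;; esac
    case $(printf '%s' "$mode" | cut -c7) in x|s) echo group; return ;; esac
    echo owner
}

# socket_reach PATH ROOT: narrowest class found on the directories from the
# socket's parent up to ROOT; one closed directory blocks the whole path.
# A symlink such as /var/run/log is followed one level (absolute targets only).
socket_reach() {
    sock=$1
    if [ -L "$sock" ]; then sock=$(readlink "$sock"); fi
    dir=$(dirname "$sock")
    reach=other
    while :; do
        class=$(class_of_dir "$dir")
        if [ "$class" = owner ]; then reach=owner; fi
        if [ "$class" = group ] && [ "$reach" = other ]; then reach=group; fi
        if [ "$dir" = "$2" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    echo "$reach"
}

# Constructed layout mirroring the thread: log.d is 0700 and holds the socket
# (a plain file stands in for it), log is the symlink, open.d is a 0755 control.
make_layout() {
    root=$(mktemp -d) && chmod 755 "$root"
    mkdir "$root/log.d" "$root/open.d"
    chmod 700 "$root/log.d"; chmod 755 "$root/open.d"
    : > "$root/log.d/log"; : > "$root/open.d/log"
    ln -s "$root/log.d/log" "$root/log"
    echo "$root"
}

r=$(make_layout)
echo "via symlink: $(socket_reach "$r/log" "$r")"
echo "control:     $(socket_reach "$r/open.d/log" "$r")"
rm -rf "$r"
```

Changing log.d to mode 750 with a dedicated group, as the quoted "log" group idea suggests, makes the same check report group instead of owner.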