From owner-freebsd-security  Wed Jan  6 16:36:49 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA00880
          for freebsd-security-outgoing; Wed, 6 Jan 1999 16:36:49 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from tversu.ru (mail.tversu.ru [62.76.80.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA00862
          for <freebsd-security@FreeBSD.ORG>; Wed, 6 Jan 1999 16:36:24 -0800 (PST)
          (envelope-from vadim@gala.tversu.ru)
Received: from gala.tversu.ru (vadim@gala.tversu.ru [62.76.80.10])
	by tversu.ru (8.8.8/8.8.8) with ESMTP id DAA06478;
	Thu, 7 Jan 1999 03:33:27 +0300 (MSK)
Received: (from vadim@localhost)
	by gala.tversu.ru (8.8.8/8.8.8) id DAA26869;
	Thu, 7 Jan 1999 03:35:22 +0300 (MSK)
Date: Thu, 7 Jan 1999 03:35:22 +0300
From: Vadim Kolontsov <vadim@tversu.ru>
To: Don Lewis <Don.Lewis@tsc.tdk.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack
Message-ID: <19990107033522.B26805@tversu.ru>
References: <vadim@tversu.ru> <199901070023.QAA02193@salsa.gv.tsc.tdk.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.94.15i
In-Reply-To: <199901070023.QAA02193@salsa.gv.tsc.tdk.com>; from Don Lewis on Wed, Jan 06, 1999 at 04:23:52PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

On Wed, Jan 06, 1999 at 04:23:52PM -0800, Don Lewis wrote:

> } > If you wanted to use SCM_CREDS, you'd need to tweak syslog() and rebuild
> } > the shared library.  I don't think this is too much of a disadvantage.
> } 
> }   Who will rebuild all binary-only FreeBSD/Linux apps, available on the market?
> } Not all of them use shared libraries.
> 
> I suspect that not many of those that are statically linked call syslog().
> 
> If syslogd received a message without the credentials, it could log the
> information that it was handed with an indication that the information
> may not be trustworthy.

  Yes, it's clear. And I like this approach much better than my
attempts. So if everybody think that using SCM_CREDS is a good idea,
may be it should be included in -current? It will not break anything
(the only thing which will be changed is log format, but using new
feature can be optional -- just another option for syslogd). And it's
not hard to implement.

Regards,
V.
-- 
Vadim Kolontsov
Tver Internet Center NOC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message