From owner-freebsd-security  Wed Jan  6 18:55:43 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA16737
          for freebsd-security-outgoing; Wed, 6 Jan 1999 18:55:43 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA16728
          for <freebsd-security@FreeBSD.ORG>; Wed, 6 Jan 1999 18:55:39 -0800 (PST)
          (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191])
	by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id SAA27542;
	Wed, 6 Jan 1999 18:55:05 -0800 (PST)
	(envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
	by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id SAA23462;
	Wed, 6 Jan 1999 18:55:03 -0800 (PST)
Received: (from gdonl@localhost)
	by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id SAA02558;
	Wed, 6 Jan 1999 18:55:02 -0800 (PST)
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Message-Id: <199901070255.SAA02558@salsa.gv.tsc.tdk.com>
Date: Wed, 6 Jan 1999 18:55:02 -0800
In-Reply-To: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
       "Re: kernel/syslogd hack" (Jan  7, 12:23pm)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>, Don.Lewis@tsc.tdk.com
Subject: Re: kernel/syslogd hack
Cc: freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Jan 7, 12:23pm, Peter Jeremy wrote:
} Subject: Re: kernel/syslogd hack
} Don Lewis <Don.Lewis@tsc.tdk.com> wrote:
} >If syslogd received a message without the credentials, it could log the
} >information that it was handed with an indication that the information
} >may not be trustworthy.
} 
} Which immediately returns us to the original problem - which is that
} the current syslog protocol makes DOS attacks trivial.

Add an option to tell syslogd to ignore messages that don't have
credentials?  The only reason I'd make this an option is to allow
for statically linked apps that can't be recompiled.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message