Date:      Wed, 6 Jan 1999 09:47:01 +0300
From:      Vadim Kolontsov <vadim@tversu.ru>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: kernel/syslogd hack
Message-ID:  <19990106094701.A28727@tversu.ru>
In-Reply-To: <199901060039.QAA13314@salsa.gv.tsc.tdk.com>; from Don Lewis on Tue, Jan 05, 1999 at 04:39:53PM -0800
References:  <vadim@tversu.ru> <199901060039.QAA13314@salsa.gv.tsc.tdk.com>

Hi,

On Tue, Jan 05, 1999 at 04:39:53PM -0800, Don Lewis wrote:

> }    Advantages: it doesn't require to recompile client applications or
> }    shared libraries, it's completely transparent for clients, can be
> 
> If you wanted to use SCM_CREDS, you'd need to tweak syslog() and rebuild
> the shared library.  I don't think this is too much of a disadvantage.

  Who will rebuild all binary-only FreeBSD/Linux apps, available on the market?
Not all of them use shared libraries.
  I would be happy, anyway, if FreeBSD will use a more secure syslog..

> }    used in other applications (I'm also thinking about some getpeeruid()
> }    call for stream-based UNIX domain sockets -- I think it will just
> }    walk through kernel structures (proc, p_fd, f_data, so_proto,
> }    pr_domain..))
> 
> What if there are multiple processes at the other end?  If a process
> calls connect() and then fork(), the socket created by accept() in the
> server will have multiple peer processes.

  Yes..

> }    Of course this patch doesn't solve problem with syslog/514 UDP. I
> }    know it
> 
> Someone has written a secure syslog protocol that uses encryption, etc.

  It signs local logs, it encrypts them during network transfer, but it
does nothing for the problem I've described -- the log socket (AF_UNIX) is available
for everyone and all information is trusted (correct me if I'm wrong).

Regards,
V.
-- 
Vadim Kolontsov
Tver Internet Center NOC
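
Added example, not part of the original message or of FreeBSD's code: a small C program for the connect()-then-fork() case Don Lewis raises in the quoted text, showing that the single socket a server gets from accept() can carry data from two different processes. The scratch path and the function name are constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Count the distinct processes that wrote on the ONE socket the server got
 * from accept(). Returns 1 or 2, or -1 on error. */
int peers_on_accepted_socket(void)
{
    char dir[] = "/tmp/peerdemo.XXXXXX";        /* constructed scratch path */
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    pid_t seen[2] = { 0, 0 }, me, child;
    ssize_t w;
    int lfd = -1, cfd = -1, afd = -1, result = -1;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/log", dir);

    lfd = socket(AF_UNIX, SOCK_STREAM, 0);      /* server: listening socket */
    cfd = socket(AF_UNIX, SOCK_STREAM, 0);      /* client: connects once    */
    if (lfd < 0 || cfd < 0 ||
        bind(lfd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(lfd, 1) < 0 ||
        connect(cfd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        (afd = accept(lfd, NULL, NULL)) < 0)
        goto out;

    child = fork();                 /* fork AFTER connect(): cfd is now shared */
    if (child < 0) goto out;
    me = getpid();
    w = write(cfd, &me, sizeof me); /* parent and child each send their pid */
    if (child == 0)
        _exit(w == (ssize_t)sizeof me ? 0 : 1);
    waitpid(child, NULL, 0);

    /* Server side: both records arrive on the same accepted descriptor. */
    if (read(afd, seen, sizeof seen) == (ssize_t)sizeof seen)
        result = (seen[0] != seen[1]) ? 2 : 1;
out:
    close(afd); close(cfd); close(lfd);         /* close(-1) just fails */
    unlink(sa.sun_path); rmdir(dir);
    return result;
}

int main(void) { printf("%d\n", peers_on_accepted_socket()); return 0; }
```

A per-connection lookup such as the proposed getpeeruid() can name only one of those writers, whereas credentials attached to each message, as SCM_CREDS does, describe the process that sent that message.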
