Date: Tue, 12 Mar 2002 22:26:06 +0100 From: "Rogier R. Mulhuijzen" <drwilco@drwilco.net> To: Giorgos Keramidas <keramida@ceid.upatras.gr> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: logging securelevel violations Message-ID: <5.1.0.14.0.20020312222347.01c3b080@mail.drwilco.net> In-Reply-To: <20020312140732.GC955@hades.hell.gr> References: <5.1.0.14.0.20020312082838.029a6d38@mail.drwilco.net> <5.1.0.14.0.20020311220030.01c3ace0@mail.drwilco.net> <5.1.0.14.0.20020311220030.01c3ace0@mail.drwilco.net> <5.1.0.14.0.20020312082838.029a6d38@mail.drwilco.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 16:07 12-3-2002 +0200, Giorgos Keramidas wrote:
>On 2002-03-12 08:29, Rogier R. Mulhuijzen wrote:
> > At 02:36 12-3-2002 +0200, Giorgos Keramidas wrote:
> > >Rate limiting is still needed:
> > >
> > > while true ;do
> > > echo "" > /dev/ad0
> > > echo "" > /dev/ad1
> > > done
> > >
> > >This would cause syslogd to go nuts!
> >
> > crw-r----- 2 root operator 116, 0x00010002 Jan 20 03:13 /dev/ad0
> >
> > Only if you're root.
>
>Well, you get the idea. I meant that syslog will catch the repetitive
>messages, only if no other messages are sent between the two or more lines
>that match :-(
What I meant is, the file permissions on /dev/ad0 stop ordinary users from
even reaching the point where the secure level denies the attempt.
And so only root can actually trigger the secure level violation log
message. So it cannot be used to maliously fill the logs. Unless someone
has root, and then you have bigger problems.
Doc
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20020312222347.01c3b080>