Date: Wed, 6 Jan 1999 16:23:52 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Vadim Kolontsov <vadim@tversu.ru>, Don Lewis <Don.Lewis@tsc.tdk.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: kernel/syslogd hack Message-ID: <199901070023.QAA02193@salsa.gv.tsc.tdk.com> In-Reply-To: Vadim Kolontsov <vadim@tversu.ru> "Re: kernel/syslogd hack" (Jan 6, 9:47am)
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 6, 9:47am, Vadim Kolontsov wrote: } Subject: Re: kernel/syslogd hack } Hi, } } On Tue, Jan 05, 1999 at 04:39:53PM -0800, Don Lewis wrote: } } > } Advantages: it doesn't require to recompile client applications or } > } shared libraries, it's completely transparent for clients, can be } > } > If you wanted to use SCM_CREDS, you'd need to tweak syslog() and rebuild } > the shared library. I don't think this is too much of a disadvantage. } } Who will rebuild all binary-only FreeBSD/Linux apps, available on the market? } Not all of them use shared libraries. I suspect that not many of those that are statically linked call syslog(). If syslogd received a message without the credentials, it could log the information that it was handed with an indication that the information may not be trustworthy. } > } Of course this patch doesn't solve problem with syslog/514 UDP. I } > } know it } > } > Someone has written a secure syslog protocol that uses encryption, etc. } } it signs local logs, it encrypts it during network transfer, but it } does nothing for the problem I've described -- log socket (AF_UNIX) is available } for everyone and all information is trusted (correct me if I'm wrong) This is correct, but at least it prevents someone from sending totally fabricated (IP source address and all) messages to UDP port 514. Even if the message is signed and encrypted, you still might not be able to trust the sender as much as you can with SCM_CREDS or equivalent. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901070023.QAA02193>