[12721] in bugtraq
Re: local users can panic linux kernel (was: SuSE syslogd advisory)
daemon@ATHENA.MIT.EDU (Goetz Babin-Ebell)
Wed Nov 24 13:12:32 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <3.0.3.32.19991124112143.00929710@mail>
Date: Wed, 24 Nov 1999 11:21:43 +0100
Reply-To: Goetz Babin-Ebell <babinebell@TRUSTCENTER.DE>
From: Goetz Babin-Ebell <babinebell@TRUSTCENTER.DE>
X-To: Shafik Yaghmour <shafik@acm.poly.edu>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSF.3.96.991123170404.8364A-100000@acm.poly.edu>
At 17:21 23.11.99 -0500, Shafik Yaghmour wrote:
> So if you have a high system load it is okay to have some of the
>syslog messages lost? Hmm, I dunno, IMHO it is never okay, I mean why
>should you open up the opportunity at all. You know, security based on
>something being "not so prone to failure" doesn't exactly make me feel
>warm and cozy.

For the connection of syslogd there seem to be two solutions:

* datagram sockets / connectionless:
  - messages could get lost on transport
  + no resource exhaustion possible,
    malicious client can't bring service down
* stream sockets / connection based:
  + no messages could get lost on transport
  - resource exhaustion possible,
    malicious client can bring service down

Both solutions have advantages and disadvantages.

By
Goetz
--
Goetz Babin-Ebell mailto:babinebell@trustcenter.de
TC Trust Center for Security http://www.trustcenter.de
in Data Networks GmbH Tel.: +49-40-80 80 26-0
Sonninstr. 24-28 / 20097 Hamburg / Germany Fax.: +49-40-80 80 26-126
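
Added example (not part of the original message): the two transports listed above, exercised over local AF_UNIX sockets in Python, showing where datagram messages are lost and what state a stream receiver holds per client. The function names, message sizes, socket path and the connection cap are assumptions made for illustration; the cap is one possible way to bound the stream case and is not proposed in the post.

```python
import errno
import os
import socket
import tempfile

# errno values a non-blocking sender sees when the receiver's queue is full
FULL = (errno.EAGAIN, errno.EWOULDBLOCK, errno.ENOBUFS)

def dgram_backlog(n=5000, size=1024):
    """Datagram case: receiver never reads. Returns (queued, dropped)."""
    tx, rx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    tx.setblocking(False)              # a logger that must not stall its caller
    queued = dropped = 0
    with tx, rx:
        for _ in range(n):
            try:
                tx.send(b"x" * size)   # constructed sample message
                queued += 1
            except OSError as e:
                if e.errno not in FULL:
                    raise
                dropped += 1           # sender gives up: this message is lost
    return queued, dropped

def stream_state(clients=8, cap=3):
    """Stream case: one descriptor per client. Returns (held, refused)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "log")  # stand-in for the daemon's socket path
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(clients)
        held, peers, refused = [], [], 0
        for _ in range(clients):
            c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            c.connect(path)
            peers.append(c)
            conn, _addr = srv.accept()
            if len(held) >= cap:       # hypothetical cap: bound per-client state
                conn.close()
                refused += 1
            else:
                held.append(conn)
        counts = (len(held), refused)
        for s in held + peers + [srv]:
            s.close()
    return counts

if __name__ == "__main__":
    print("datagram (queued, dropped):", dgram_backlog())
    print("stream   (held, refused):  ", stream_state())
```

In the datagram case the receiver keeps a single socket however many clients write, so overload shows up as dropped messages; in the stream case the receiver's descriptor count grows with the number of clients unless it enforces a limit, and clients refused by that limit have to retry or lose their messages.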