[1368] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: libc bugs (was Re: Distributions...)

???@ATHENA.MIT.EDU (Matt)
Sat Jan 4 11:44:49 1997

To: linux-security@tarsier.cv.nrao.edu
From: Matt <panzer@dhp.com>
Date: 2 Jan 1997 19:43:12 GMT
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

Marek Michalkiewicz <marekm@I17LINUXB.ISTS.PWR.WROC.PL> wrote:
: It seems that most of the RedHat 5.3.12 security patches are in the
: standard 5.4.17, except for the patch below.  Also, there are more
: (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr)
: in inet/rcmd.c and inet/rexec.c).
: +                               {
: +                                       syslog(LOG_NOTICE|LOG_AUTH,
: +                                               "Attempt to feed me an overlong A record. Probably a breakin attempt.");
: +                                       host.h_length=4;
: +                               }

This came from the linux-server list.  But reminded me of a something I
wanted to know about.  Is there a standard for people to syslog possible
security violations?  This would make it easier to find them in huge log
files with swatch or other monitoring tools. 

[mod: Except for the LOG_AUTH "priority" field, probably not.... -- REW]

-- 
 -Matt (panzer@dhp.com)  --  DataHaven Project - http://www.dhp.com/
  "That which can never be enforced should not be prohibited."


home help back first fref pref prev next nref lref last post