[12692] in bugtraq
Re: local users can panic linux kernel (was: SuSE syslogd
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Nov 23 01:39:07 1999
Content-Type: text
Message-Id: <E11q14h-0004Ai-00@the-village.bc.nu>
Date: Mon, 22 Nov 1999 21:32:38 +0000
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: saw@MSU.RU
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991120120126.A14799@castle.nmd.msu.ru> from "Savochkin Andrey
Vladimirovich" at Nov 20, 99 12:01:26 pm
> It isn't clear for me what can be done to protect the whole system inside
> syslogd. Does anybody knows what SuSE really changed?
> Their source package isn't very helpful.
There were two notable problems
1. Syslogd defaulted to stream sockets which means you have resource
control problems - in fact Dan Bernstein posted some very good stuff
about that issue about a year ago
2. The client code decided it would be a good idea to wait - ie do a
blocking connect. Unfortunate it someone ate all the syslog handles
With a datagram system it comes down to losing messages under load. I think that
is about as good as you can get.
Alan
