[12701] in bugtraq
Re: local users can panic linux kernel (was: SuSE syslogd
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Tue Nov 23 14:15:45 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <199911231424.GAA50559@cwsys.cwsent.com>
Date: Tue, 23 Nov 1999 06:23:53 -0800
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@UUMAIL.GOV.BC.CA>
X-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Sat, 20 Nov 1999 22:52:55 +1100."
<199911201152.WAA08968@cairo.anu.edu.au>
In message <199911201152.WAA08968@cairo.anu.edu.au>, Darren Reed writes:
> In some mail from Mixter, sie said:
> >
> > The impact of the syslogd Denial Of Service vulnerability seems to
> > be bigger than expected. I found that syslog could not be stopped from
> > responding by one or a few connections, since it uses select() calls
> > to synchronously manage the connections to /dev/log. I made an attempt
> > with the attached test code, which makes about 2000 connects to syslog,
> > using multiple processes, and my system instantly died with the message:
> > 'Kernel panic: can't push onto full stack'
>
> Given that most other platforms use datagram sockets (of one type or another)
> for syslog, can anyone explain the benefit of using streams sockets ? FWIW,
> even the STREAMS driver used by Solaris has better operational properties
> than this (only one receiving device).
>
> A naive guess is to provide better reliability of sent messages. Denial of
> Service issues (with datagram mode - flooding of packets) are still present,
> just different and are arguably more difficult to deal with for little
> overall gain. I'd venture to say that in a friendly environment, there is
> no benefit in using stream sockets and in an unfriendly one, perhaps even
> disadvantages.
At the time the Linux syslogd was written (6+ years ago), Linux did not
support UNIX domain datagram sockets. Now that it does support
datagram sockets, I suspect that no one has bothered to change syslogd
to use them.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Sun/DEC Team, UNIX Group Internet: Cy.Schubert@uumail.gov.bc.ca
ITSD Cy.Schubert@gems8.gov.bc.ca
Province of BC
"e**(i*pi)+1=0"
