[12716] in bugtraq

home help back first fref pref prev next nref lref last post

Re: local users can panic linux kernel (was: SuSE syslogdadvisory)

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Wed Nov 24 12:28:02 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19991124101108.B16373@monad.swb.de>
Date:         Wed, 24 Nov 1999 10:11:08 +0100
Reply-To: Olaf Kirch <okir@MONAD.SWB.DE>
From: Olaf Kirch <okir@MONAD.SWB.DE>
X-To:         Shafik Yaghmour <shafik@acm.poly.edu>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSF.3.96.991123170404.8364A-100000@acm.poly.edu>; from
              Shafik Yaghmour on Tue, Nov 23, 1999 at 05:21:35PM -0500

On Tue, Nov 23, 1999 at 05:21:35PM -0500, Shafik Yaghmour wrote:
> 	So if you have a high system load it is okay to have some of the
> syslog messages lost? Hmm, I dunno, IMHO it is never okay, I mean why
> should you open up the opportunity at all. You know, security based on
> something being "not so prone to failure" doesn't exactly make me feel
> warm and cozy.

As long as syslog uses a connected socket (which it does), and doesn't
flag MSG_NOWAIT (which it doesn't), there isn't anything in the kernel
source that looks like the code will fail under cpu/memory/whatever
contention.

Just because UDP datagrams are unreliable that doesn't mean that UNIX
datagrams are too.

Olaf
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.

home help back first fref pref prev next nref lref last post