[12743] in bugtraq
Re: local users can panic linux kernel (was: SuSE syslogdadvisory)
daemon@ATHENA.MIT.EDU (Alessandro Rubini)
Fri Nov 26 13:01:04 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991126134858.36872@morgana.systemy.it>
Date: Fri, 26 Nov 1999 13:48:58 +0100
Reply-To: rubini@pop.systemy.it
From: Alessandro Rubini <rubini@LINUX.IT>
X-To: Paul.Boyer@PAULBOYER.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
> <Linux specific>
> I could make that trouble happen while testing by overloading the kernel
> logging facility with a dumb logger ipchains policy looking like [...]
The behaviour you describe only applies to kernel-generated log messages.
This is because kernel messages are put in a circular buffer for later
retrivial by user space (when syslogd gets scheduled for execution).
If the buffer overlaps, you loose one-buffer-worth of data. Use of a
dynamic buffer for kernel messages would not be wise, as it might lead
to an easy DoS attack.
> (BTW, if anyone could tell me how to increase that buffer, I'm still
> interested)
It wouldn't really help, in my opinion: you'll loose data more rarely,
but you'll loose much more data when that happens. Anyways,
change LOG_BUF_LEN in kernel/printk.c.
/alessandro
