[7109] in bugtraq
Re: Vulnerability in 4.4BSD Secure Levels Implementation
daemon@ATHENA.MIT.EDU (Roger Harrison ?)
Tue Jun 30 11:29:40 1998
Date: Mon, 29 Jun 1998 20:57:37 -0400
Reply-To: Roger Harrison ? <rharri01@KEPLER.POLY.EDU>
From: Roger Harrison ? <rharri01@KEPLER.POLY.EDU>
X-To: Niall Smart <njs3@DOC.IC.AC.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <E0yqR9w-0007Pv-00@oak67.doc.ic.ac.uk>
On Mon, 29 Jun 1998, Niall Smart wrote:
> On Jun 26, 8:41am, Tim Newsham wrote:
> } Subject: Re: Vulnerability in 4.4BSD Secure Levels Implementation
> > >
> > > - The syslogd daemon can be covertly compromised, so no useful
> > > information ever gets logged to the protected system logs. But at
> > > least no-one can modify the useless information.
> >
> > Be smart, niall, syslog can only be compromised after the system
> > has been compromised.
uhm, not necessarily.
The pinelock.csh script I wrote around 12/97 and posted to bugtraq
could kill syslogd if root opens up two sessions of pine.
It is a local exploit.
http://kepler.poly.edu/~rharri01
iconoclast@thepentagon.com
-Iconoclast
