[1993] in bugtraq


Re: Exploit for Linux wu.ftpd hole

daemon@ATHENA.MIT.EDU (Karl Strickland)
Thu Jul 6 20:10:34 1995

Date:         Thu, 6 Jul 1995 02:57:10 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Karl Strickland <karl@bagpuss.demon.co.uk>
X-To:         BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To:  <Pine.LNX.3.91.950705175939.1572B-100000@phoenix.org> from "Mike
              Edulla" at Jul 5, 95 06:06:10 pm

> There also appears to be a bug in syslog. If you do something like:
>
> grep -v "ROOT" messages > mmm; mv mmm messages
>
> Logging is disabled. I suspect this problem is that the file pointer
> maintained by syslog is getting ahead of the physical EOF, and thus
> writes will fail, but this is just a guess, and I haven't looked at the
> source to Linux's syslog.

This is not really a bug in syslog.  By executing the above commands,
you effectively unlink the file that syslog is writing to.  Your new
'mmm' file (which you then rename to messages) is different to the 'old'
messages file - different inode.  syslog is quite happy to write to the 'old'
file, which still exists until the last reference to it goes away, even
though you can't see it.

kill -HUP syslog might re-open the file and continue logging as you would
expect, but I have not looked at Linux's syslog.

By the same token though, you could always kill -9 syslog.  That would
stop logging also.

--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |
