Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Thu, 6 Jul 1995 02:57:10 +0100
There also apepars to be a bug in syslog. If you do something like: grep -v "ROOT" messages > mmm; mv mmm messages Logging is disabled, I suspect this problem is that the file pointer maintained by syslog is getting ahead of the physical EOF, and thus writes will fail, but this is just a guess, and I havent looked at the source to linux's syslog.
This is not really a bug in syslog. By executing the above commands, you effectively unlink the file that syslog is writing to. Your new 'mmm' file (which you then rename to messages) is a different to the 'old' messages file - different inode. syslog is quite happy to write to the 'old' file, which still exists until the last reference to it goes away, even though you cant see it. kill -HUP syslog might re-open the file and continue logging as you would expect, but i have not looked at linux's syslog. By the same token though, you could always kill -9 syslog. That would stop logging also. -- ------------------------------------------+----------------------------------- Mailed using ELM on FreeBSD | Karl Strickland PGP 2.3a Public Key Available. | Internet: karl () bagpuss demon co uk |
Current thread:
- Exploit for Linux wu.ftpd hole Henri Karrenbeld (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Karl Strickland (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Larry Kruper (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 08)
- Re: Exploit for Linux wu.ftpd hole Timothy Newsham (Jul 05)
- Linux FIOSETOWN ioctl hole Marek Michalkiewicz (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Darren Reed (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Marc W. Mengel (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 08)
- web site Aleph One (Jul 07)
- Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Dr. Frederick B. Cohen (Jul 09)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Darren Reed (Jul 09)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 05)