Vulnerability Development mailing list archives
Re: /dev/urandom | logger "issue"
From: Eilert Brinkmann <eilert () INFORMATIK UNI-BREMEN DE>
Date: Tue, 22 Aug 2000 14:14:16 +0200
Vitaly McLain <twistah () DATASURGE NET> wrote:
> I know I'll probably wind up sounding like an idiot, but why is that on Linux boxes normal users have so much access to /var/log/messages via "logger"?

Normal users should not (and usually don't) have direct write access to /var/log/messages. But they have write access to the socket /dev/log from which syslogd reads the messages it writes to the logfiles. logger simply calls the library function syslog(), which writes the message to /dev/log. It is quite normal that everyone can create log messages, because some programs that may be run by any user are expected to do so. In particular, it would be a very bad idea to require all programs that need to create log messages to run with root privileges.
> Couldn't "logger" at least log which user sent this input to logger? It'd be nice, otherwise it'd be hard to track down.

Without further measures this wouldn't be reliable. Everyone can call syslog() or write to /dev/log directly, so simply changing logger wouldn't enforce the user name logging.
> I am betting this has to do with bad permissions on my /var/log/messages, though I am sure I've seen this on other machines. What do you guys think?

The permissions on /var/log/messages and the other logfiles are irrelevant in this respect. Sure, they shouldn't permit direct write access for non-root users in order to prevent manipulation of logfiles, but sending syslog messages is done via /dev/log. The only way I can see would be to change the permissions on /dev/log to restrict write access to a specific group. This way only members of this group can create syslog messages. At least all (system) accounts used to run daemons and other programs that are expected to write syslog messages must be members of this group. Other users could be enabled to write to syslog by a modified version of logger which is SGID to this group and includes the caller's username in the message, but this would at least be inefficient for programs that otherwise would have directly used syslog() and might break existing programs. So it's up to you to decide whether such a setup is appropriate for your machines or not.

Eilert

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
eilert () informatik uni-bremen de - eilert () tzi org - eilert () linuxfreak com
http://www.informatik.uni-bremen.de/~eilert/
Current thread:
- /dev/urandom | logger "issue" Vitaly McLain (Aug 21)
- Re: /dev/urandom | logger "issue" Bluefish (P.Magnusson) (Aug 22)
- Re: /dev/urandom | logger "issue" Eilert Brinkmann (Aug 22)
- Re: /dev/urandom | logger "issue" Michal Zalewski (Aug 22)
- Re: /dev/urandom | logger "issue" Matt Wilson (Aug 22)
- Re: /dev/urandom | logger "issue" Bill Pennington (Aug 22)
- <Possible follow-ups>
- Re: /dev/urandom | logger "issue" Larry D'Anna (Aug 23)
- Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 23)
- Re: /dev/urandom | logger "issue" Alfonso De Gregorio (Aug 23)
- Re: /dev/urandom | logger "issue" Matt Wilson (Aug 23)
- Re: /dev/urandom | logger "issue" H D Moore (Aug 27)
- Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 27)
- Re: /dev/urandom | logger "issue" M ixter (Aug 28)