Vulnerability Development mailing list archives

Re: /dev/urandom | logger "issue"


From: Eilert Brinkmann <eilert () INFORMATIK UNI-BREMEN DE>
Date: Tue, 22 Aug 2000 14:14:16 +0200

Vitaly McLain <twistah () DATASURGE NET> wrote:
I know I'll probably wind up sounding like an idiot, but why is that on
Linux boxes normal users have so much access to /var/log/messages via
"logger"?

Normal users should not (and usually don't) have direct write access
to /var/log/messages. But they have write access to the socket
/dev/log from which syslogd reads the messages it writes to the
logfiles. logger simply calls the library function syslog() which
writes the message to /dev/log. It is quite normal that everyone can
create log messages, because some programs that may be run by any user
are expected to do so. In particular, it would be a very bad idea to
require all programs that need to create log messages to run with root
privileges.

Couldn't "logger" at least log which user sent this input to logger? It'd be
nice, otherwise it'd be hard to track down.

Without further measures this wouldn't be reliable. Everyone can call
syslog() or write to /dev/log directly, so simply changing logger
wouldn't enforce the user name logging.

I am betting this has to do with bad permissions on my /var/log/messages,
though I am sure I've seen this on other machines. What do you guys think?

The permissions on /var/log/messages and the other logfiles are
irrelevant in this respect. Sure, they shouldn't permit direct write
access for non-root users in order to prevent manipulation of
logfiles, but sending syslog messages is done via /dev/log.

The only way I can see would be to change the permissions on /dev/log
to restrict write access to a specific group. This way only members of
this group can create syslog messages. At least all (system-)accounts
used to run daemons and other programs that are expected to write
syslog messages must be members of this group.

Other users could be enabled to write to syslog by a modified version
of logger which is SGID to this group and includes the caller's
username in the message, but this would at least be inefficient for
programs that otherwise would have directly used syslog() and might
break existing programs. So it's up to you to decide whether such a
setup is appropriate for your machines or not.
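The point made above, that a name written into the message by logger (or by
any program calling syslog()) can never be trusted because every process can
write to /dev/log, while the receiving end could obtain the sender's real
identity from the kernel, can be demonstrated with a small script. The
following Python example is added here for illustration and is not part of
the original mail nor of any syslogd; it assumes Linux, where setting
SO_PASSCRED on the receiving AF_UNIX datagram socket makes the kernel attach
an SCM_CREDENTIALS record (pid, uid, gid) to each message. The socket path,
the tag "myapp" and the message text are constructed sample values.

```python
import os
import socket
import struct
import tempfile

# struct ucred on Linux: pid_t pid; uid_t uid; gid_t gid; (three native ints)
UCRED_FMT = "iii"
UCRED_LEN = struct.calcsize(UCRED_FMT)


def start_receiver(path):
    """Bind a /dev/log-style datagram socket and ask the kernel for sender credentials."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    srv.bind(path)
    # Linux-specific: every datagram now carries an SCM_CREDENTIALS ancillary record
    # filled in by the kernel, not by the sending process.
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    return srv


def send_syslog(path, pri, tag, msg):
    """Emit a message in the classic <PRI>tag: text form, as logger/syslog(3) would.

    The tag is chosen entirely by the client; nothing stops a process from
    writing any tag it likes, which is why it is not evidence of who sent it.
    """
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        cli.sendto(f"<{pri}>{tag}: {msg}".encode(), path)
    finally:
        cli.close()


def receive_one(srv):
    """Read one datagram and return both the client-supplied fields and the kernel-supplied identity."""
    data, ancdata, _flags, _addr = srv.recvmsg(4096, socket.CMSG_SPACE(UCRED_LEN))
    pid = uid = gid = None
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            pid, uid, gid = struct.unpack(UCRED_FMT, cdata[:UCRED_LEN])
    text = data.decode(errors="replace")
    pri_end = text.index(">")
    pri = int(text[1:pri_end])
    tag, _sep, msg = text[pri_end + 1:].partition(": ")
    return {"pri": pri, "tag": tag, "msg": msg,
            "sender_pid": pid, "sender_uid": uid, "sender_gid": gid}


def demo():
    """Send one message to a private socket and show what a credential-aware receiver learns."""
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "log")  # constructed stand-in for /dev/log
        srv = start_receiver(path)
        try:
            send_syslog(path, 13, "myapp", "hello from an unprivileged process")
            rec = receive_one(srv)
        finally:
            srv.close()
    # The tag came from the client; the uid came from the kernel and identifies the real caller.
    rec["kernel_uid_matches_caller"] = rec["sender_uid"] == os.getuid()
    return rec


if __name__ == "__main__":
    r = demo()
    print(f"client says tag={r['tag']!r}; kernel says pid={r['sender_pid']} uid={r['sender_uid']}")
```

A receiver built this way can record the kernel-reported uid next to every
line, which is the "further measure" that would make per-user attribution
reliable without giving users write access to the logfiles or restricting
/dev/log to a group. The historical syslogd discussed in the thread did not
do this; the approach is what later journal daemons use to attach the sender's
uid and pid to each entry.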

Eilert
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
eilert () informatik uni-bremen de - eilert () tzi org - eilert () linuxfreak com
              http://www.informatik.uni-bremen.de/~eilert/

