Vulnerability Development mailing list archives
Re: /dev/urandom | logger "issue"
From: Matt Wilson <msw () REDHAT COM>
Date: Tue, 22 Aug 2000 09:57:26 -0400
On Mon, Aug 21, 2000 at 01:10:18PM -0500, Vitaly McLain wrote:
Hi, I know I'll probably wind up sounding like an idiot, but why is that on Linux boxes normal users have so much access to /var/log/messages via "logger"? Any user can do:
Yes, and any user could also do: #include <syslog.h> int main(void) { char buf[1000]; read (0, &buf, sizeof(buf) - 1); openlog("foobar", 0, LOG_USER); syslog (LOG_NOTICE, "%s", buf); closelog(); }
I am betting this has to do with bad permissions on my /var/log/messages, though I am sure I've seen this on other machines. What do you guys think?
No, this has nothing to do with the permissions on /var/log/messages. The messages are posted via the syslog facility. As long as syslog is running you'll be able to send messages via syslog. To deny any process from using syslog(3) would mean quite a bit of work for non-root-running daemons to write genuine messages via syslog. Matt
Current thread:
- /dev/urandom | logger "issue" Vitaly McLain (Aug 21)
- Re: /dev/urandom | logger "issue" Bluefish (P.Magnusson) (Aug 22)
- Re: /dev/urandom | logger "issue" Eilert Brinkmann (Aug 22)
- Re: /dev/urandom | logger "issue" Michal Zalewski (Aug 22)
- Re: /dev/urandom | logger "issue" Matt Wilson (Aug 22)
- Re: /dev/urandom | logger "issue" Bill Pennington (Aug 22)
- <Possible follow-ups>
- Re: /dev/urandom | logger "issue" Larry D'Anna (Aug 23)
- Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 23)
- Re: /dev/urandom | logger "issue" Alfonso De Gregorio (Aug 23)
- Re: /dev/urandom | logger "issue" Matt Wilson (Aug 23)
- Re: /dev/urandom | logger "issue" H D Moore (Aug 27)
- Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 27)
- Re: /dev/urandom | logger "issue" M ixter (Aug 28)
- Re: /dev/urandom | logger "issue" Kev (Aug 28)