Vulnerability Development mailing list archives

Re: /dev/urandom | logger "issue"

From: "Larry D'Anna" <larry () pink dhs org>
Date: Wed, 23 Aug 2000 01:51:25 -0400

* Vitaly McLain (twistah () DATASURGE NET) [000822 01:34]:

Hi,

I know I'll probably wind up sounding like an idiot, but why is that on
Linux boxes normal users have so much access to /var/log/messages via
"logger"? Any user can do:

cat /dev/urandom | logger &

A couple of those will make "messages" look corrupted and fill up your
hard-drive. The worst part is lines like:
Aug 21 12:42:10 bizkit logger: I^[Ö)~z¼v*^Wf^D
Aug 21 12:42:10 bizkit logger: ^]"Àµ_®ý¼P^S¯,´yäOsñÑ¾+^_^B÷tL3#^WmÓnåbÜ^OÝ

Couldn't "logger" at least log which user sent this input to logger? It'd be
nice, otherwise it'd be hard to track down.


Is it possible to get the uid of the process at the other end of a
unix domain socket?  If so then why not have syslogd get the uid and
record who logged each message?

        --larry

Current thread:

/dev/urandom | logger "issue" Vitaly McLain (Aug 21)
- Re: /dev/urandom | logger "issue" Bluefish (P.Magnusson) (Aug 22)
- Re: /dev/urandom | logger "issue" Eilert Brinkmann (Aug 22)
- Re: /dev/urandom | logger "issue" Michal Zalewski (Aug 22)
- Re: /dev/urandom | logger "issue" Matt Wilson (Aug 22)
- Re: /dev/urandom | logger "issue" Bill Pennington (Aug 22)
- <Possible follow-ups>
- Re: /dev/urandom | logger "issue" Larry D'Anna (Aug 23)
  - Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 23)
  - Re: /dev/urandom | logger "issue" Alfonso De Gregorio (Aug 23)
  - Re: /dev/urandom | logger "issue" Matt Wilson (Aug 23)
  - Re: /dev/urandom | logger "issue" H D Moore (Aug 27)
    - Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 27)
    - Re: /dev/urandom | logger "issue" M ixter (Aug 28)
    - Re: /dev/urandom | logger "issue" Kev (Aug 28)