Vulnerability Development mailing list archives

Re: /dev/urandom | logger "issue"

From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Sun, 27 Aug 2000 02:48:57 -0500

Even if you added user logging when the logger program is run, what
keeps someone from opening /dev/log and forging thier messages that way?

SuSE 6.4:

srw-rw-rw-   1 root     root            0 Aug 26 15:12 /dev/log

-HD


Larry D'Anna wrote:


* Vitaly McLain (twistah () DATASURGE NET) [000822 01:34]:

Hi,

I know I'll probably wind up sounding like an idiot, but why is that on
Linux boxes normal users have so much access to /var/log/messages via
"logger"? Any user can do:

cat /dev/urandom | logger &

A couple of those will make "messages" look corrupted and fill up your
hard-drive. The worst part is lines like:
Aug 21 12:42:10 bizkit logger: I^[Ö)~z¼v*^Wf^D
Aug 21 12:42:10 bizkit logger: ^]"Àµ_®ý¼P^S¯,´yäOsñÑ¾+^_^B÷tL3#^WmÓnåbÜ^OÝ

Couldn't "logger" at least log which user sent this input to logger? It'd be
nice, otherwise it'd be hard to track down.

Current thread:

/dev/urandom | logger "issue" Vitaly McLain (Aug 21)
- Re: /dev/urandom | logger "issue" Bluefish (P.Magnusson) (Aug 22)
- Re: /dev/urandom | logger "issue" Eilert Brinkmann (Aug 22)
- Re: /dev/urandom | logger "issue" Michal Zalewski (Aug 22)
- Re: /dev/urandom | logger "issue" Matt Wilson (Aug 22)
- Re: /dev/urandom | logger "issue" Bill Pennington (Aug 22)
- <Possible follow-ups>
- Re: /dev/urandom | logger "issue" Larry D'Anna (Aug 23)
  - Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 23)
  - Re: /dev/urandom | logger "issue" Alfonso De Gregorio (Aug 23)
  - Re: /dev/urandom | logger "issue" Matt Wilson (Aug 23)
  - Re: /dev/urandom | logger "issue" H D Moore (Aug 27)
    - Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 27)
    - Re: /dev/urandom | logger "issue" M ixter (Aug 28)
    - Re: /dev/urandom | logger "issue" Kev (Aug 28)