Vulnerability Development mailing list archives
Re: /dev/urandom | logger "issue"
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Sun, 27 Aug 2000 02:48:57 -0500
Even if you added user logging when the logger program is run, what keeps someone from opening /dev/log and forging thier messages that way? SuSE 6.4: srw-rw-rw- 1 root root 0 Aug 26 15:12 /dev/log -HD Larry D'Anna wrote:
* Vitaly McLain (twistah () DATASURGE NET) [000822 01:34]:Hi, I know I'll probably wind up sounding like an idiot, but why is that on Linux boxes normal users have so much access to /var/log/messages via "logger"? Any user can do: cat /dev/urandom | logger & A couple of those will make "messages" look corrupted and fill up your hard-drive. The worst part is lines like: Aug 21 12:42:10 bizkit logger: I^[Ö)~z¼v*^Wf^D Aug 21 12:42:10 bizkit logger: ^]"Àµ_®ý¼P^S¯,´yäOsñѾ+^_^B÷tL3#^WmÓnåbÜ^OÝ Couldn't "logger" at least log which user sent this input to logger? It'd be nice, otherwise it'd be hard to track down.
Current thread:
- /dev/urandom | logger "issue" Vitaly McLain (Aug 21)
- Re: /dev/urandom | logger "issue" Bluefish (P.Magnusson) (Aug 22)
- Re: /dev/urandom | logger "issue" Eilert Brinkmann (Aug 22)
- Re: /dev/urandom | logger "issue" Michal Zalewski (Aug 22)
- Re: /dev/urandom | logger "issue" Matt Wilson (Aug 22)
- Re: /dev/urandom | logger "issue" Bill Pennington (Aug 22)
- <Possible follow-ups>
- Re: /dev/urandom | logger "issue" Larry D'Anna (Aug 23)
- Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 23)
- Re: /dev/urandom | logger "issue" Alfonso De Gregorio (Aug 23)
- Re: /dev/urandom | logger "issue" Matt Wilson (Aug 23)
- Re: /dev/urandom | logger "issue" H D Moore (Aug 27)
- Re: /dev/urandom | logger "issue" Sarel J. Botha (Aug 27)
- Re: /dev/urandom | logger "issue" M ixter (Aug 28)
- Re: /dev/urandom | logger "issue" Kev (Aug 28)