Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: newsham () aloha net (Timothy Newsham)
Date: Wed, 5 Jul 1995 17:04:05 -1000
There also apepars to be a bug in syslog. If you do something like: grep -v "ROOT" messages > mmm; mv mmm messages Logging is disabled, I suspect this problem is that the file pointer maintained by syslog is getting ahead of the physical EOF, and thus writes will fail, but this is just a guess, and I havent looked at the source to linux's syslog.
You have to HUP syslogd after doing such things on most syslogd's. syslog usually opens all logs when it starts up and reads the config file. When you HUP the daemon it rereads the config file and reopens the log files. Explanation (you probably know this but I'll be complete): When you remove a file it doesnt go away unless there are no links left to it and no processes have the file open. If syslog still has the file open the file is unlinked from the directory but still exists on disk. Syslog keeps logging to the now invisible file. The new file you make has a new inode number and refers to a completely different file. When you HUP syslogd it closes the old file (making it get deleted from the disk for real) and opens the new file and starts logging normally again.
Current thread:
- Exploit for Linux wu.ftpd hole Henri Karrenbeld (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Karl Strickland (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Larry Kruper (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 08)
- Re: Exploit for Linux wu.ftpd hole Timothy Newsham (Jul 05)
- Linux FIOSETOWN ioctl hole Marek Michalkiewicz (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Darren Reed (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Marc W. Mengel (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 08)
- web site Aleph One (Jul 07)
- Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Dr. Frederick B. Cohen (Jul 09)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Darren Reed (Jul 09)
- updated-secure-w#-daemons Dr. Frederick B. Cohen (Jul 09)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Kent Fitch (Jul 09)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Casper Dik (Jul 10)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 05)