Bugtraq mailing list archives

Re: solaris 251 & syslogd


From: security () KINCH ARK COM (Dave Kinchlea)
Date: Wed, 12 Nov 1997 11:12:35 -0800


A small point but, with use of the `mark' facility in syslog, and proper
monitoring for it, you can and should be able to detect syslogd either
dying or refusing to write to files (amounts to the same thing). No news
is NOT good news, but knowing that, we can key on it.

This is not intended to say that what you found is not a bug, just that
there is a way to detect it.

cheers, kinch

On Wed, 12 Nov 1997, Michael Helm wrote:

I'm not having very good luck with the patch mentioned here
(among other places) for syslogd on solaris.  Patch 103738-05
may solve the immediate security problem, but at least for me,
as soon as you attempt to restart it (SIGHUP), it stops writing
messages to any of its files.  This is usually done automatically
by scripts that close old log files & open new (empty) ones;
they stay empty.  Unless you go looking for this, you will not
notice it for a while (swatch or your other monitors will be
happy &c).  No news is not good news in this case; I see this
as a pretty big security problem in its own right.
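
The check suggested in the reply above, as an added example that is not part of either original post: it treats every timestamped line (a message or a `-- MARK --`) as a heartbeat and reports any silence longer than the mark interval, including the silence between the last line and now. The 20-minute interval, the 5-minute slack, the function names and the sample log are assumptions made for illustration.

```python
from datetime import datetime, timedelta

MARK_INTERVAL = timedelta(minutes=20)  # assumed mark interval; match your syslogd setting
SLACK = timedelta(minutes=5)           # assumed tolerance for late writes

# Constructed sample: marks arrive on schedule, then a log rotation sends
# SIGHUP and nothing is written afterwards.
SAMPLE_LOG = """\
Nov 12 02:30:01 host1 -- MARK --
Nov 12 02:50:01 host1 -- MARK --
Nov 12 03:10:00 host1 newlog: rotated logs, sent HUP to syslogd
"""

def parse_ts(line, now):
    """Parse the 'Mon DD HH:MM:SS' prefix of a syslog line, or return None."""
    try:
        ts = datetime.strptime(f"{now.year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None  # continuation line or junk: not a heartbeat
    # Syslog lines carry no year; a stamp in the future belongs to last year.
    return ts.replace(year=ts.year - 1) if ts > now else ts

def find_silences(log_text, now, limit=MARK_INTERVAL + SLACK):
    """Return (start, end) pairs during which no line was written for > limit."""
    stamps = [ts for ts in (parse_ts(l, now) for l in log_text.splitlines()) if ts]
    if not stamps:
        return [(None, now)]  # an empty log is itself the alarm condition
    stamps.append(now)        # the gap after the last line counts too
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > limit]

if __name__ == "__main__":
    now = datetime(1997, 11, 12, 11, 12, 35)  # constructed "current time"
    for start, end in find_silences(SAMPLE_LOG, now):
        print(f"ALERT: no syslog output between {start} and {end}")
```

Run it from cron against each file syslogd writes; an empty freshly rotated file is reported rather than treated as healthy.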



