Bugtraq mailing list archives

Re: local users can panic linux kernel (was: SuSE syslogd

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Mon, 22 Nov 1999 21:32:38 +0000

It isn't clear for me what can be done to protect the whole system inside
syslogd.  Does anybody knows what SuSE really changed?
Their source package isn't very helpful.


There were two notable problems

1.      Syslogd defaulted to stream sockets which means you have resource
        control problems - in fact Dan Bernstein posted some very good stuff
        about that issue about a year ago

2.      The client code decided it would be a good idea to wait - ie do a
        blocking connect. Unfortunate it someone ate all the syslog handles

With a datagram system it comes down to losing messages under load. I think that
is about as good as you can get.

Alan

Current thread:

ProFTPd - mod_sqlpw.c, (continued)
- - - ProFTPd - mod_sqlpw.c Todd C. Campbell (Nov 19)
    - Pandora v4 Beta 2 Software Simple Nomad (Nov 19)
  - Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Ussr Labs (Nov 16)
    - Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Seth R Arnold (Nov 17)
    - Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Marc (Nov 17)
    - SuSE Security Announcement - syslogd (a1) Thomas Biege (Nov 18)
    - local users can panic linux kernel (was: SuSE syslogd advisory) Mixter (Nov 18)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Alan Cox (Nov 19)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Savochkin Andrey Vladimirovich (Nov 20)
    - ANN: Bruce v1.0 Early Access 1 - Available for downloa Alec Muffett (Nov 22)
    - Re: local users can panic linux kernel (was: SuSE syslogd Alan Cox (Nov 22)
    - Re: local users can panic linux kernel (was: SuSE syslogd Savochkin Andrey Vladimirovich (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogd Darren Reed (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogd Savochkin Andrey Vladimirovich (Nov 24)
    - Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability Ussr Labs (Nov 24)
    - Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability Ussr Labs (Nov 24)
    - Re: local users can panic linux kernel (was: SuSE syslogd Darren Reed (Nov 24)
    - [w00giving '99 #5 and w00news]: UnixWare 7's su Matt Conover (Nov 25)
    - Buffer Overflow Survey Paper Crispin Cowan (Nov 22)
    - Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper) Crispin Cowan (Nov 23)
    - [ COBALT ] Security Advisory - Sendmail Jeff Bilicki (Nov 24)

(Thread continues...)