Bugtraq mailing list archives
Re: local users can panic linux kernel (was: SuSE syslogd advisory)
From: rubini () LINUX IT (Alessandro Rubini)
Date: Fri, 26 Nov 1999 13:48:58 +0100
> <Linux specific> I could make that trouble happen while testing by overloading the kernel logging facility with a dumb logger ipchains policy looking like [...]
The behaviour you describe only applies to kernel-generated log messages. This is because kernel messages are put in a circular buffer for later retrieval by user space (when syslogd gets scheduled for execution). If the buffer overlaps, you lose one-buffer-worth of data. Use of a dynamic buffer for kernel messages would not be wise, as it might lead to an easy DoS attack.
> (BTW, if anyone could tell me how to increase that buffer, I'm still interested)
It wouldn't really help, in my opinion: you'll lose data more rarely, but you'll lose much more data when that happens. Anyways, change LOG_BUF_LEN in kernel/printk.c.
/alessandro
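Added example, not part of the original message and not code from kernel/printk.c: a simplified C model of the trade-off discussed above, where a fixed circular buffer is filled in bursts between reader wakeups. It assumes positions are tracked modulo the buffer length; the struct, the function name and the burst sizes are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model of a fixed-size circular log buffer. This is NOT the
 * code in kernel/printk.c; it assumes positions are tracked modulo the
 * buffer length, so a writer that laps the reader makes a full buffer
 * look empty. Memory use stays fixed at buf_len whatever the writer does. */
struct log_stats {
    unsigned long overlaps;   /* times the writer lapped the reader */
    unsigned long lost;       /* bytes the reader never saw */
    unsigned long delivered;  /* bytes the reader drained */
};

/* bursts[i] = bytes logged between two consecutive reader wakeups
 * (constructed workload standing in for "syslogd gets scheduled"). */
struct log_stats simulate(size_t buf_len, const size_t *bursts, size_t n)
{
    struct log_stats st = {0, 0, 0};
    size_t head = 0, tail = 0;

    for (size_t i = 0; i < n; i++) {
        for (size_t b = 0; b < bursts[i]; b++) {
            head = (head + 1) % buf_len;   /* writer never blocks */
            if (head == tail) {            /* overlap: buf_len unread bytes gone */
                st.overlaps++;
                st.lost += buf_len;
            }
        }
        /* reader wakes up and drains whatever still looks pending */
        st.delivered += (head + buf_len - tail) % buf_len;
        tail = head;
    }
    return st;
}

int main(void)
{
    const size_t bursts[] = {10, 20, 10, 40, 10, 70};  /* constructed */
    const size_t sizes[] = {16, 64};

    for (size_t i = 0; i < 2; i++) {
        struct log_stats s = simulate(sizes[i], bursts, 6);
        printf("len=%zu overlaps=%lu lost=%lu delivered=%lu\n",
               sizes[i], s.overlaps, s.lost, s.delivered);
    }
    return 0;
}
```

With this workload the 64-byte buffer overlaps once where the 16-byte buffer overlaps seven times, but that single overlap drops 64 bytes in one go instead of 16.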