Re: local users can panic linux kernel (was: SuSE syslogdadvisory)

[rubini () LINUX IT (Alessandro Rubini)]

> <Linux specific>
> I could make that trouble happen while testing by overloading the kernel
> logging facility with a dumb logger ipchains policy looking like [...]

The behaviour you describe only applies to kernel-generated log messages.

This is because kernel messages are put in a circular buffer for later
retrivial by user space (when syslogd gets scheduled for execution).

If the buffer overlaps, you loose one-buffer-worth of data. Use of a
dynamic buffer for kernel messages would not be wise, as it might lead
to an easy DoS attack.

> (BTW, if anyone could tell me how to increase that buffer, I'm still
> interested)

It wouldn't really help, in my opinion: you'll loose data more rarely,
but you'll loose much more data when that happens. Anyways,
change LOG_BUF_LEN in kernel/printk.c.

/alessandro