Vulnerability Development mailing list archives

Re: Possible syslogd DoS ?


From: Robert van der Meulen <rvdm () wiretrip org>
Date: Thu, 4 Oct 2001 17:43:59 +0200


Quoting Pavel Kankovsky (peak () argo troja mff cuni cz):
> 2. implement a method allowing syslogd to identify a subject sending
>    messages and...
>    2a. make syslogd record that information (making syslog
>        spamming accountable and punishable)
>    2b. implement some kind of quotas in syslogd using
>        this information

This doesn't fill up the hard disk, but creates a DoS attack against syslog
(which was already present); so this only fixes the problem for people who
have their logs on partitions that shouldn't fill up.

There are a couple of problems that need to be solved:
- Everyone can fill up a partition by logging things to syslog
- Syslog can't log anymore when the partition where the log resides gets
  full

IMHO, the second problem can't be solved; disk space is always finite.
Rotating is not an option, cyclic logging is not an option - Bad Luck.
So what does need fixing is the
'everyone-can-fill-up-the-logfile-partition' problem, for which I think the
'sysloggers' group method sounds like a good solution.

Greets,
        Robert

-- 
                              Linux Generation
   encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key.
                 "well you should probably thank me anyway, 
            those disks needed a major clean up :)"   -- Cracker 
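
The per-sender quota from point 2b of the quoted proposal, as an added example that is not part of the original post or of any syslogd: a token bucket keyed by UID, so a sender over its limit loses its own messages while other senders keep logging. All names and limits are hypothetical, and the UID is assumed to come from kernel-supplied socket credentials rather than from the message text.

```c
/* Added example, hypothetical names and constructed limits. uid is assumed to
 * come from kernel socket credentials, never from the message text. */
#include <stdio.h>
#define MAX_SENDERS 64
#define BURST_BYTES 4096L  /* bucket capacity per sender */
#define REFILL_BPS  512L   /* bytes per second returned to the bucket */
struct sender {
    int used;
    unsigned uid;
    long tokens, last;      /* bytes left; time of last refill (seconds) */
    unsigned long dropped;  /* suppressed messages, kept for the record (2a) */
};
static struct sender table[MAX_SENDERS];

static struct sender *lookup(unsigned uid, long now, int create) {
    struct sender *slot = NULL;
    for (int i = 0; i < MAX_SENDERS; i++) {
        if (table[i].used && table[i].uid == uid) return &table[i];
        if (!table[i].used && !slot) slot = &table[i];
    }
    if (!create || !slot) return NULL;
    *slot = (struct sender){ 1, uid, BURST_BYTES, now, 0 };
    return slot;
}

/* Returns 1 if the message may be written, 0 if it is suppressed (2b). */
int quota_accept(unsigned uid, size_t len, long now) {
    struct sender *s = lookup(uid, now, 1);
    if (!s) return 0;  /* table full: suppress rather than log unmetered */
    long elapsed = now - s->last;
    if (elapsed > 0) {  /* refill; the clamp keeps the multiply from overflowing */
        s->tokens = elapsed >= BURST_BYTES / REFILL_BPS ? BURST_BYTES
                  : s->tokens + elapsed * REFILL_BPS;
        if (s->tokens > BURST_BYTES) s->tokens = BURST_BYTES;
        s->last = now;
    }
    if (len > (size_t)s->tokens) { s->dropped++; return 0; }
    s->tokens -= (long)len;
    return 1;
}

unsigned long quota_dropped(unsigned uid) {
    struct sender *s = lookup(uid, 0, 0);
    return s ? s->dropped : 0;
}
int main(void) {  /* constructed traffic: uid 1000 floods, uid 0 logs once */
    for (int i = 0; i < 6; i++) quota_accept(1000, 1024, 0);
    printf("uid 0 accepted=%d, uid 1000 suppressed=%lu\n",
           quota_accept(0, 80, 0), quota_dropped(1000));
}
```

The per-UID `dropped` counter is what a daemon would write out as a single "N messages suppressed" record for that sender.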

