In some mail from Mixter, sie said:
>
> The impact of the syslogd Denial Of Service vulnerability seems to
> be bigger than expected. I found that syslog could not be stopped from
> responding by one or a few connections, since it uses select() calls
> to synchronously manage the connections to /dev/log. I made an attempt
> with the attached test code, which makes about 2000 connects to syslog,
> using multiple processes, and my system instantly died with the message:
> 'Kernel panic: can't push onto full stack'
Given that most other platforms use datagram sockets (of one type or another)
for syslog, can anyone explain the benefit of using streams sockets ? FWIW,
even the STREAMS driver used by Solaris has better operational properties
than this (only one receiving device).
A naive guess is to provide better reliability of sent messages. Denial of
Service issues (with datagram mode - flooding of packets) are still present,
just different and are arguably more difficult to deal with for little
overall gain. I'd venture to say that in a friendly environment, there is
no benefit in using stream sockets and in an unfriendly one, perhaps even
disadvantages.
Darren
