> It isn't clear to me what can be done to protect the whole system inside
> syslogd. Does anybody know what SuSE really changed?
> Their source package isn't very helpful.

There were two notable problems:

1. Syslogd defaulted to stream sockets, which means you have resource
   control problems - in fact Dan Bernstein posted some very good stuff
   about that issue about a year ago.
2. The client code decided it would be a good idea to wait - i.e. do a
   blocking connect. Unfortunate if someone ate all the syslog handles.

With a datagram system it comes down to losing messages under load. I think that
is about as good as you can get.

Alan
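
The datagram behaviour described in the message above, as an added example that is not part of the original post and is not syslogd's, libc's or SuSE's code: a client that sends log records over a Unix datagram socket without blocking and drops them when the queue is full. The names log_try_send and flood_stalled_logger are hypothetical, and a socketpair whose reading end never calls recv() stands in for an overloaded syslogd.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

struct log_stats { long sent, dropped, errors; };

/* Hypothetical client helper: hand one record to the log socket without
 * ever sleeping. Returns 1 if queued, 0 if dropped, -1 on a hard error. */
static int log_try_send(int fd, const char *msg)
{
    if (send(fd, msg, strlen(msg), MSG_DONTWAIT) >= 0)
        return 1;
    if (errno == EAGAIN || errno == EWOULDBLOCK || errno == ENOBUFS)
        return 0;               /* queue full: lose the message, keep running */
    return -1;
}

/* Constructed scenario: the reading end (standing in for syslogd) never
 * calls recv(), so the queue fills and every later record is dropped. */
struct log_stats flood_stalled_logger(long count)
{
    struct log_stats st = {0, 0, 0};
    int sv[2], sndbuf = 4096;   /* small buffer so the queue fills quickly */

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) {
        st.errors = 1;
        return st;
    }
    setsockopt(sv[0], SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof sndbuf);
    for (long i = 0; i < count; i++) {
        int r = log_try_send(sv[0], "<13>demo: constructed test record");
        if (r > 0) st.sent++;
        else if (r == 0) st.dropped++;
        else st.errors++;
    }
    close(sv[0]);
    close(sv[1]);
    return st;
}

int main(void)
{
    struct log_stats st = flood_stalled_logger(100000);
    printf("sent=%ld dropped=%ld errors=%ld\n", st.sent, st.dropped, st.errors);
    return st.errors != 0;
}
```

The caller returns after every record regardless of the daemon's state; the cost is the dropped count, which a real client could keep and report once the queue drains.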
