Package: klogd
Version: 1.4.1-18
Severity: wishlist

Hi,

Ubuntu's klogd has a -P option that does this:

       -P path
              Use path instead of /proc/kmsg as the source of the kernel
              message.  Specify "-" to read from standard input.  This
              allows klogd to run entirely without root privileges.

The idea then is to use a dd process to shovel messages from /proc/kmsg into
a fifo for klogd to read.

The security benefits, while admittedly somewhat far-fetched, should be
obvious (an attacker can theoretically exercise some control over the
messages the kernel logs, so a bug in klogd could conceivably be exploited
in this manner).

Additionally, this seems to work around a problem where klogd used to
"garble" kernel messages when they were arriving at a high rate (this isn't
easy to describe and probably impossible to reproduce on purpose: it's as if
some lines were logged incompletely, or fragments of other lines inserted).

Since Ubuntu obviously has a patch for -P, it shouldn't be hard to include
it in Debian's klogd too.

Andras

-- 
                 Andras Korn <korn at chardonnay.math.bme.hu>
                 <http://chardonnay.math.bme.hu/~korn/> QOTD:
                Energizer Bunny arrested. Charged with battery.
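
[Added example, not part of the original report and not Ubuntu's or Debian's init script: a sketch of the dd-to-fifo arrangement described above, with the only root process being a byte copier and klogd parsing kernel text as an unprivileged user. The fifo path, the account name "klog", the script layout and the use of su are assumptions; only the -P option comes from the report.]

```shell
#!/bin/sh
# Added example: privilege-separated kernel log relay using klogd -P.
# KMSG_SRC, FIFO and LOG_USER are assumed defaults, not Debian or Ubuntu paths.
KMSG_SRC=${KMSG_SRC:-/proc/kmsg}
FIFO=${FIFO:-/run/klogd/kmsg}
LOG_USER=${LOG_USER:-klog}

# Create the fifo with mode 0600 so only its owner (and root) can open it.
make_fifo() {
    rm -f "$1"
    mkfifo -m 600 "$1"
}

# Privileged half: the only process that opens the kernel message source.
# It copies bytes and never parses them; bs=1 forwards each byte as read.
# The child's pid is left in RELAY_PID so the caller can supervise it.
start_relay() {
    dd bs=1 if="$1" of="$2" 2>/dev/null &
    RELAY_PID=$!
}

# Unprivileged half: klogd parses attacker-influenced text as LOG_USER and
# reads the fifo through -P instead of opening /proc/kmsg itself.
start_klogd() {
    su -s /bin/sh -c "exec klogd -P '$1'" "$LOG_USER"
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "must start as root" >&2; return 1; }
    mkdir -p "$(dirname "$FIFO")" || return 1
    make_fifo "$FIFO" || return 1
    chown "$LOG_USER" "$FIFO" || return 1
    start_relay "$KMSG_SRC" "$FIFO"
    start_klogd "$FIFO"
}

# Nothing privileged runs unless the script is invoked as: script start
case "${1:-}" in
    start) main ;;
esac
```

If klogd exits, dd gets SIGPIPE on its next write to the fifo and stops, so the two halves have to be supervised and restarted together.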

