Bugtraq mailing list archives
Re: syslog/udp
From: proff () suburbia apana org au (Julian Assange)
Date: Thu, 24 Feb 1994 15:32:46 +1100 (EST)
The problem is that syslogd will accept any message from anywhere on the net. If you have to accept messages from your local net, this fix is not useful -- if you're only logging things on your local machine (i.e. all programs logging are using syslog(3)), then you can disable logging over UDP.Even worse its only UDP packets, *very very* easy to forge so that you cant even trust the IP address in them.How can we, who are without source code, change this behavior?You can get the Berkeley syslogd code, which is in all likelyhood compatible with your current syslogd.I'm afraid this is not the case. To compile BSD's syslogd code you will have to collect syslogd and rwalld sources and will have to find (or rewrite your own) the daemon() call (I assume this takes you off the tty and forks and has the parent return). Sun's syslogd has at least one feature that the BSD version does not. It doesnt open the syslog.conf for reading directly but rather pipes it through the 'm4' macro processor with the LOGHOST variable set if loghost's address is the same as one of the machines net interfaces. This allows you to use the same syslog.conf file on loghost and non-loghost machines. With BSD's syslog you would have to remove the if() lines in the syslog.conf and make two seperate files.
my version of daemon(): void daemon() { close(0); close(1); close(2); setsid(); if (fork()) _exit(0); } - Julian.
Current thread:
- syslog/udp Tim Newsham (Feb 20)
- <Possible follow-ups>
- Re: syslog/udp Dave Hayes (Feb 22)
- Re: syslog/udp John Hawkinson (Feb 23)
- Security problem in C news and INN Featherlace (Feb 23)
- Re: Security problem in C news and INN Casper Dik (Feb 24)
- Re: Security problem in C news and INN Perry E. Metzger (Feb 24)
- Re: syslog/udp John Hawkinson (Feb 23)
- Re: syslog/udp scott () santafe edu (Feb 23)
- Re: syslog/udp Tim Newsham (Feb 23)
- Re: syslog/udp Julian Assange (Feb 23)
- daemon() Jim Wright (Feb 24)
- Thanks! Dave Hayes (Feb 23)