Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 6 Jul 1995 06:39:06 -0400
There also appears to be a bug in syslog. If you do something like:
grep -v "ROOT" messages > mmm; mv mmm messages
logging is disabled. I suspect this problem is that the file pointer maintained by syslog is getting ahead of the physical EOF, and thus writes will fail, but this is just a guess,
Every syslogd I've ever seen behaves this way. The problem is that syslogd doesn't close and re-open the messages file; rather, it keeps its original file descriptor around. Thus, syslogd is still writing messages to the same file it's been writing to all along. But the mv destroyed that file's only name, so there's no way for anyone else to access it; it's become a classic case of "unlinked but still open" and will stay that way until syslogd closes it, at which point it will be truly deleted. This is why rotate-syslog-files scripts always send syslogd a SIGHUP, because that makes it (among other things) close and reopen its logfiles.
der Mouse
mouse () collatz mcrcim mcgill edu
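The behaviour described in the reply above, as an added example that is not part of the original post: a Python writer holds its descriptor the way syslogd does, the grep/mv sequence is replayed on a constructed file in a temporary directory, and the detachment is detected by comparing the inode behind the descriptor with the inode the path now names. The class name ReopeningLog, the helper read_all and the sample log lines are assumptions made for illustration.

```python
import os
import tempfile

OPEN_FLAGS = os.O_WRONLY | os.O_APPEND | os.O_CREAT

class ReopeningLog:
    """Append-only writer that can tell when its path no longer names its open file."""
    def __init__(self, path):
        self.path = path
        self.fd = os.open(path, OPEN_FLAGS, 0o600)

    def detached(self):
        """True if the path is gone or names a different inode than our descriptor."""
        held = os.fstat(self.fd)
        try:
            named = os.stat(self.path)
        except FileNotFoundError:
            return True
        return (held.st_dev, held.st_ino) != (named.st_dev, named.st_ino)

    def reopen(self):
        """What a SIGHUP handler does for a log daemon: close, then open the path again."""
        os.close(self.fd)
        self.fd = os.open(self.path, OPEN_FLAGS, 0o600)

    def write(self, line):
        os.write(self.fd, line.encode() + b"\n")

def read_all(path):
    with open(path) as f:
        return f.read()

def demo():
    """Replay the grep/mv sequence from the thread against a constructed log file."""
    with tempfile.TemporaryDirectory() as d:
        path, tmp = os.path.join(d, "messages"), os.path.join(d, "mmm")
        log = ReopeningLog(path)
        log.write("ROOT LOGIN on tty1")            # constructed sample lines
        log.write("ftpd: connection from host")
        # Equivalent of: grep -v "ROOT" messages > mmm; mv mmm messages
        with open(path) as src, open(tmp, "w") as dst:
            dst.writelines(l for l in src if "ROOT" not in l)
        os.replace(tmp, path)
        log.write("written after mv")              # goes to the old, now nameless file
        lost = "written after mv" not in read_all(path)
        links = os.fstat(log.fd).st_nlink          # link count of the file still held open
        was_detached = log.detached()
        log.reopen()
        log.write("written after reopen")
        recovered = "written after reopen" in read_all(path)
        os.close(log.fd)
        return lost, links, was_detached, recovered
```

A monitoring job can apply the same inode comparison from outside the daemon to spot a log file that was replaced without the writer being told to reopen it.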