Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Thu, 6 Jul 1995 23:33:15 +1000
[...]
> There also appears to be a bug in syslog. If you do something like:
>
>     grep -v "ROOT" messages > mmm; mv mmm messages
>
> Logging is disabled, I suspect this problem is that the file pointer maintained by syslog is getting ahead of the physical EOF, and thus writes will fail, but this is just a guess, and I haven't looked at the source to linux's syslog.
This isn't a bug. Or rather, you don't understand fully what happens here. Just because the file is (now) there, doesn't mean it will be appended to. You need it to reread the syslog.conf file (either restart or kill -HUP).

When you do "mv mmm messages", you "delete messages", but syslogd keeps it open and it never gets "deleted" until syslogd closes...to get a better idea of what happens, use ls -li, keeping in mind that open files are known by inode numbers, not names. Oh, using lsof/ofiles/fuser helps to show what really happens.

...which leads to a somewhat curious little number in variations of "newsyslog" which I've seen do essentially this:

    mv messages messages.0
    gzip messages.0
    touch messages
    kill -HUP syslogd

...or any other combination where the compress is before the kill -HUP. Correctly done, the compress should be last.
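The inode behaviour described in this message can be reproduced without touching a real syslogd. The script below is an added example, not part of the original post: it assumes shell file descriptor 9 as a stand-in for the daemon's open log file and works in a temporary directory on constructed log lines.

```shell
#!/bin/sh
# Added demonstration: a writer that holds a log open keeps writing to the
# old inode after the path is replaced, until it reopens the file.

# Print the inode number that a path currently names.
inode_of() { ls -i "$1" | awk '{print $1}'; }

demo_replaced_log() {
    dir=$(mktemp -d) || return 1
    log="$dir/messages"
    printf 'ROOT login\nuser login\n' > "$log"   # constructed sample lines

    exec 9>>"$log"                  # "daemon" opens the log and keeps fd 9
    before=$(inode_of "$log")

    grep -v "ROOT" "$log" > "$dir/mmm"
    mv "$dir/mmm" "$log"            # the name now points at a different inode
    after=$(inode_of "$log")

    echo "written after mv" >&9     # lands in the old, now nameless inode
    if grep -q "written after mv" "$log"; then seen=yes; else seen=no; fi

    exec 9>&-                       # close and reopen by name, which is what
    exec 9>>"$log"                  # a restart or kill -HUP makes syslogd do
    echo "written after reopen" >&9
    exec 9>&-
    if grep -q "written after reopen" "$log"; then reopened=yes; else reopened=no; fi

    if [ "$before" != "$after" ]; then changed=yes; else changed=no; fi
    rm -rf "$dir"
    echo "inode_changed=$changed seen_after_mv=$seen seen_after_reopen=$reopened"
}

demo_replaced_log
```

On a live system the same mismatch shows up when the inode reported by `ls -li` for the log path differs from the one lsof or fuser reports for the file the daemon holds open.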