Bugtraq mailing list archives
Re: local users can panic linux kernel (was: SuSE syslogd advisory)
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Sat, 20 Nov 1999 22:52:55 +1100
In some mail from Mixter, sie said:
The impact of the syslogd Denial Of Service vulnerability seems to be bigger than expected. I found that syslog could not be stopped from responding by one or a few connections, since it uses select() calls to synchronously manage the connections to /dev/log. I made an attempt with the attached test code, which makes about 2000 connects to syslog, using multiple processes, and my system instantly died with the message: 'Kernel panic: can't push onto full stack'
Given that most other platforms use datagram sockets (of one type or another) for syslog, can anyone explain the benefit of using streams sockets ? FWIW, even the STREAMS driver used by Solaris has better operational properties than this (only one receiving device). A naive guess is to provide better reliability of sent messages. Denial of Service issues (with datagram mode - flooding of packets) are still present, just different and are arguably more difficult to deal with for little overall gain. I'd venture to say that in a friendly environment, there is no benefit in using stream sockets and in an unfriendly one, perhaps even disadvantages. Darren
Current thread:
- Re: Netscape communicator 4.x Javascript security flaw, (continued)
- Re: Netscape communicator 4.x Javascript security flaw Ahmed Ghandour (Nov 26)
- Windows NT 4.0 Service Pack 6A Breaks IP Forwarding Brendan Howes (Nov 25)
- Oracle Web Listener Mnemonix (Nov 25)
- [w00giving '99 #6]: UnixWare 7's Xsco Matt Conover (Nov 25)
- Re: Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper) Mark Seiden (Nov 24)
- Netscape Communicator 4.7 - Navigator Overflows Mike Boto (Nov 24)
- BindView Security Advisory: SSR Denial of Service BindView Security Advisory (Nov 24)
- Re: BindView Security Advisory: SSR Denial of Service Alan Cox (Nov 24)
- Oracle 8i questions Brock Tellier (Nov 23)
- Printer Vulnerabilities (Tektronix and JetDirect) Elias Levy (Nov 23)
- Re: local users can panic linux kernel (was: SuSE syslogd advisory) Darren Reed (Nov 20)
- Re: local users can panic linux kernel (was: SuSE syslogd advisory) Cy Schubert - ITSD Open Systems Group (Nov 23)
- Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Jefferson Ogata (Nov 23)
- Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Shafik Yaghmour (Nov 23)
- Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Olaf Kirch (Nov 24)
- Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Goetz Babin-Ebell (Nov 24)
- more about IP ID antirez () INVECE ORG (Nov 20)
- FreeBSD sysinstall Jonas Eriksson (Nov 20)
- Re: local users can panic linux kernel (was: SuSE syslogd advisory) Malcolm Beattie (Nov 22)
- DNA-1999-001: NetTerm FTP Daemon vulnerabilities Jeremy Iverson (Nov 22)
- Microsoft Security Bulletin (MS99-043) Aleph One (Nov 17)