Bugtraq mailing list archives

Re: local users can panic linux kernel (was: SuSE syslogdadvisory)

From: babinebell () TRUSTCENTER DE (Goetz Babin-Ebell)
Date: Wed, 24 Nov 1999 11:21:43 +0100


At 17:21 23.11.99 -0500, Shafik Yaghmour wrote:

      So if you have a high system load it is okay to have some of the
syslog messages lost? Hmm, I dunno, IMHO it is never okay, I mean why
should you open up the opportunity at all. You know, security based on
something being "not so prone to failure" doesn't exactly make me feel
warm and cozy.


For the connection of syslogd there seems to be two solutions:

* datagram sockets / connection less:
  - messages could get lost on transport
  + no resource exhaustion possible,
    malicious client can't bring service down
* stream sockets / connection based:
  + no messages could get lost on transport
  - resource exhaustion possible,
    malicious client can bring service down

Both solutions have advantages and disadvantages.

By

Goetz

--
Goetz Babin-Ebell                      mailto:babinebell () trustcenter de
TC Trust Center for Security           http://www.trustcenter.de
in Data Networks GmbH                  Tel.: +49-40-80 80 26-0
Sonninstr. 24-28 / 20097 Hamburg / Germany  Fax.: +49-40-80 80 26-126

Current thread:

Netscape Communicator 4.7 - Navigator Overflows, (continued)
- - - Netscape Communicator 4.7 - Navigator Overflows Mike Boto (Nov 24)
    - BindView Security Advisory: SSR Denial of Service BindView Security Advisory (Nov 24)
    - Re: BindView Security Advisory: SSR Denial of Service Alan Cox (Nov 24)
    - Oracle 8i questions Brock Tellier (Nov 23)
    - Printer Vulnerabilities (Tektronix and JetDirect) Elias Levy (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Darren Reed (Nov 20)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Cy Schubert - ITSD Open Systems Group (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Jefferson Ogata (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Shafik Yaghmour (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Olaf Kirch (Nov 24)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Goetz Babin-Ebell (Nov 24)
    - more about IP ID antirez () INVECE ORG (Nov 20)
    - FreeBSD sysinstall Jonas Eriksson (Nov 20)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Malcolm Beattie (Nov 22)
    - DNA-1999-001: NetTerm FTP Daemon vulnerabilities Jeremy Iverson (Nov 22)
    - Microsoft Security Bulletin (MS99-043) Aleph One (Nov 17)
    - Re: Microsoft Security Bulletin (MS99-043) John Madden (Nov 18)