In some mail from Mixter, sie said:
>
> The impact of the syslogd Denial Of Service vulnerability seems to
> be bigger than expected. I found that syslog could not be stopped from
> responding by one or a few connections, since it uses select() calls
> to synchronously manage the connections to /dev/log. I made an attempt
> with the attached test code, which makes about 2000 connects to syslog,
> using multiple processes, and my system instantly died with the message:
> 'Kernel panic: can't push onto full stack'

Given that most other platforms use datagram sockets (of one type or
another) for syslog, can anyone explain the benefit of using streams
sockets? FWIW, even the STREAMS driver used by Solaris has better
operational properties than this (only one receiving device).

A naive guess is to provide better reliability of sent messages.

Denial of Service issues (with datagram mode - flooding of packets) are
still present, just different and are arguably more difficult to deal
with for little overall gain.

I'd venture to say that in a friendly environment, there is no benefit
in using stream sockets and in an unfriendly one, perhaps even
disadvantages.

Darren
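The difference in receiver-side state that the message above points to, as an added example that is not part of the original post or of any syslogd source: a stream listener holds one descriptor per connected sender, while a datagram receiver holds a single one. The function name `receiver_descriptors` and the temporary socket path standing in for /dev/log are assumptions made for the illustration.

```python
import os
import socket
import tempfile


def receiver_descriptors(sock_type, senders=5):
    """Return (descriptors the receiver holds, messages it read)
    after `senders` local clients each log one line."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "log")  # constructed stand-in for /dev/log
        server = socket.socket(socket.AF_UNIX, sock_type)
        server.bind(path)
        held = [server]      # every descriptor the receiver must keep open
        clients = []
        received = 0
        try:
            if sock_type == socket.SOCK_STREAM:
                server.listen(senders)
            for i in range(senders):
                client = socket.socket(socket.AF_UNIX, sock_type)
                client.connect(path)
                clients.append(client)
                client.send(b"<13>constructed test message %d" % i)
                if sock_type == socket.SOCK_STREAM:
                    # Stream mode: each sender costs the daemon a new
                    # descriptor that stays in its select() set until close.
                    conn, _ = server.accept()
                    held.append(conn)
                    if conn.recv(1024):
                        received += 1
                else:
                    # Datagram mode: every sender is read from the one socket.
                    if server.recv(1024):
                        received += 1
            return len(held), received
        finally:
            for sock in held + clients:
                sock.close()


if __name__ == "__main__":
    for name, kind in (("stream", socket.SOCK_STREAM),
                       ("dgram", socket.SOCK_DGRAM)):
        fds, msgs = receiver_descriptors(kind)
        print(f"{name}: receiver holds {fds} descriptors for {msgs} messages")
```

With stream sockets the receiver's descriptor count grows with the number of senders, so a daemon needs a per-connection cap or timeout; with datagram sockets the count stays at one and the exposure shifts to message flooding, as the post notes.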
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:46 PDT