Re: local users can panic linux kernel (was: SuSE syslogd

From: Cy Schubert - ITSD Open Systems Group (Cy.Schubertat_private)
Date: Tue Nov 23 1999 - 06:23:53 PST


    In message <199911201152.WAA08968at_private>, Darren Reed writes:
    > In some mail from Mixter, sie said:
    > >
    > > The impact of the syslogd Denial Of Service vulnerability seems to
    > > be bigger than expected. I found that syslog could not be stopped from
    > > responding by one or a few connections, since it uses select() calls
    > > to synchronously manage the connections to /dev/log. I made an attempt
    > > with the attached test code, which makes about 2000 connects to syslog,
    > > using multiple processes, and my system instantly died with the message:
    > > 'Kernel panic: can't push onto full stack'
    >
    > Given that most other platforms use datagram sockets (of one type or another)
    > for syslog, can anyone explain the benefit of using stream sockets? FWIW,
    > even the STREAMS driver used by Solaris has better operational properties
    > than this (only one receiving device).
    >
    > A naive guess is to provide better reliability of sent messages.  Denial of
    > Service issues (with datagram mode - flooding of packets) are still present,
    > just different and are arguably more difficult to deal with for little
    > overall gain.  I'd venture to say that in a friendly environment, there is
    > no benefit in using stream sockets and in an unfriendly one, perhaps even
    > disadvantages.
    
    At the time the Linux syslogd was written (6+ years ago), Linux did not
    support UNIX domain datagram sockets.  Now that it does support
    datagram sockets, I suspect that no one has bothered to change syslogd
    to use them.
    
    
    Regards,                       Phone:  (250)387-8437
    Cy Schubert                      Fax:  (250)387-5766
    Sun/DEC Team, UNIX Group    Internet:  Cy.Schubertat_private
    ITSD                                   Cy.Schubertat_private
    Province of BC
                          "e**(i*pi)+1=0"
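
The stream-versus-datagram point raised in this thread, as an added example that is not part of the original message or of any syslogd source: a receiver on a UNIX-domain stream socket has to hold one accepted descriptor per writer, while a datagram receiver serves every writer from its single bound socket. The function name `receiver_fds`, the `/tmp` socket path and the 8-writer limit are assumptions made for this demonstration.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Serve `nclients` local log writers over a UNIX-domain socket of the given
 * type (SOCK_STREAM or SOCK_DGRAM). Returns how many descriptors the receiver
 * held open at once, or -1 on error. The limit of 8 keeps everything queued
 * without blocking in this single-threaded demo. */
int receiver_fds(int type, int nclients)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int clients[8], accepted[8], held = 1, got = 0, i;
    char buf[64];

    if (nclients < 1 || nclients > 8) return -1;
    /* Constructed private path for the demo; this is not /dev/log. */
    snprintf(addr.sun_path, sizeof addr.sun_path,
             "/tmp/demo_log_%d_%d.sock", (int)getpid(), type);
    unlink(addr.sun_path);

    int srv = socket(AF_UNIX, type, 0);
    if (srv < 0 || bind(srv, (struct sockaddr *)&addr, sizeof addr) < 0) return -1;
    if (type == SOCK_STREAM && listen(srv, nclients) < 0) return -1;

    for (i = 0; i < nclients; i++) {            /* the writers */
        if ((clients[i] = socket(AF_UNIX, type, 0)) < 0) return -1;
        if (type == SOCK_STREAM) {
            if (connect(clients[i], (struct sockaddr *)&addr, sizeof addr) < 0) return -1;
            if (write(clients[i], "<13>demo", 8) != 8) return -1;
        } else if (sendto(clients[i], "<13>demo", 8, 0,
                          (struct sockaddr *)&addr, sizeof addr) != 8) return -1;
    }
    for (i = 0; i < nclients; i++) {            /* the receiver */
        int fd = srv;                           /* datagram: always the one socket */
        if (type == SOCK_STREAM) {              /* stream: a new fd per writer */
            if ((fd = accepted[i] = accept(srv, NULL, NULL)) < 0) return -1;
            held++;
        }
        if (recv(fd, buf, sizeof buf, 0) == 8) got++;
    }
    for (i = 0; i < nclients; i++) {
        close(clients[i]);
        if (type == SOCK_STREAM) close(accepted[i]);
    }
    close(srv);
    unlink(addr.sun_path);
    return got == nclients ? held : -1;
}
```

With stream sockets the receiver's descriptor count grows with the number of connected writers, which is the per-connection state a daemon must bound; with datagram sockets it stays at one and the pressure moves to the socket's receive queue instead.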
    


