Re: local users can panic linux kernel (was: SuSE syslogdadvisory)

From: Goetz Babin-Ebell (babinebellat_private)
Date: Wed Nov 24 1999 - 02:21:43 PST

Next message: Jeff Bilicki: "[ COBALT ] Security Advisory - Sendmail"

Previous message: Scott Zimmerman: "Re: Operational Issues: Applications & Appliances (was: Buffer"
Next in thread: Olaf Kirch: "Re: local users can panic linux kernel (was: SuSE syslogdadvisory)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 17:21 23.11.99 -0500, Shafik Yaghmour wrote:
>	So if you have a high system load it is okay to have some of the
>syslog messages lost? Hmm, I dunno, IMHO it is never okay, I mean why
>should you open up the opportunity at all. You know, security based on
>something being "not so prone to failure" doesn't exactly make me feel
>warm and cozy.

For the connection of syslogd there seems to be two solutions:

* datagram sockets / connection less:
  - messages could get lost on transport
  + no resource exhaustion possible,
    malicious client can't bring service down
* stream sockets / connection based:
  + no messages could get lost on transport
  - resource exhaustion possible,
    malicious client can bring service down

Both solutions have advantages and disadvantages.

By

Goetz

--
Goetz Babin-Ebell                      mailto:babinebellat_private
TC Trust Center for Security           http://www.trustcenter.de
in Data Networks GmbH                  Tel.: +49-40-80 80 26-0
Sonninstr. 24-28 / 20097 Hamburg / Germany  Fax.: +49-40-80 80 26-126

Next message: Jeff Bilicki: "[ COBALT ] Security Advisory - Sendmail"
Previous message: Scott Zimmerman: "Re: Operational Issues: Applications & Appliances (was: Buffer"
Next in thread: Olaf Kirch: "Re: local users can panic linux kernel (was: SuSE syslogdadvisory)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:03 PDT