Re: [logs] syslog/tcp (selp)

From: Bennett Todd (betat_private)
Date: Thu Jan 09 2003 - 13:36:16 PST


    That protocol could work, but another thought just occurred to me.
    
    If we allow MSGs that include CRLFs within them, we're also
    accepting that outputting these records in a straight text file is a
    lossy operation; and that in turn means that it's easy to send a
    message that "forges" a log entry in the file.
    
    Maybe we can drop this, on the reasoning that if people are wanting
    to send MSGs containing CRLFs, they probably don't want anything
    like syslog at all?
    
    Either we should abandon this line, stick with the simplest possible
    protocol, and totally outlaw CRs and LFs within the MSG; or else we
    should note that any implementation that outputs to a normal logfile
    is defective, losing critical framing information and so making it
    easy for attackers to forge log entries.
    
    -Bennett
    
    
    

    _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
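Added example, not part of the original message: a sketch of the two options the message weighs, showing how a MSG containing CRLF becomes an extra, forged-looking line in a plain text logfile, and how rejecting or escaping CR/LF keeps one record per line. The record layout, sample records and function names are constructed for illustration and are not taken from any syslog implementation.

```python
import re

# Constructed sample records: (timestamp, host, MSG). The second MSG embeds a
# CRLF followed by text shaped like a complete log line.
RECORDS = [
    ("Jan  9 13:36:16", "web1", "sshd[411]: Failed password for bob from 192.0.2.7"),
    ("Jan  9 13:36:17", "web1",
     "app[52]: user=guest\r\nJan  9 13:36:18 web1 sshd[411]: Accepted password for root"),
]

def write_naive(records):
    """One record per line with the MSG copied verbatim: framing is lost."""
    return "".join(f"{ts} {host} {msg}\n" for ts, host, msg in records)

def accept_strict(msg):
    """First option: outlaw CR and LF within the MSG."""
    return "\r" not in msg and "\n" not in msg

def escape_msg(msg):
    """Second option: escape backslash, CR and LF so the file stays lossless."""
    return msg.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")

def unescape_msg(text):
    """Inverse of escape_msg, scanning left to right."""
    table = {"\\\\": "\\", "\\r": "\r", "\\n": "\n"}
    return re.sub(r"\\[\\rn]", lambda m: table[m.group(0)], text)

def write_escaped(records):
    return "".join(f"{ts} {host} {escape_msg(msg)}\n" for ts, host, msg in records)

def read_lines(logfile):
    """What a line-oriented reader (grep, a log analyzer) sees."""
    return [line.rstrip("\r") for line in logfile.split("\n") if line]

if __name__ == "__main__":
    naive = read_lines(write_naive(RECORDS))
    print(f"{len(RECORDS)} records sent, {len(naive)} lines in the naive file")
    print("line a reader cannot tell from a real entry:", naive[-1])
    print("accepted under the strict rule:",
          [accept_strict(msg) for _, _, msg in RECORDS])
    safe = read_lines(write_escaped(RECORDS))
    print(f"{len(safe)} lines in the escaped file")
```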


