That protocol could work, but another thought just occurred to me. If we allow MSGs that include CRLFs within them, we're also accepting that outputting these records in a straight text file is a lossy operation; and that in turn means that it's easy to send a message that "forges" a log entry in the file. Maybe we can drop this, on the reasoning that if people are wanting to send MSGs containing CRLFs, they probably don't want anything like syslog at all? Either we should abandon this line, stick with the simplest possible protocol, and totally outlaw CRs and LFs within the MSG; or else we should note that any implementation that outputs to a normal logfile is defective, losing critical framing information and so making it easy for attackers to forge log entries. -Bennett
This archive was generated by hypermail 2b30 : Thu Jan 09 2003 - 15:30:38 PST