Re: sysklogd

From: solar@private
Date: Wed May 23 2001 - 05:40:13 PDT


On Wed, May 23, 2001 at 03:24:40PM +0300, Jarno Huuskonen wrote:
> On Wed, May 23, solar@private wrote:
> > We need to update to 1.4.1 for the newer klogd, but we also need to
> > switch to an alternative syslogd.
> 
> Have you decided which alternative? If I remember correctly this was discussed
> on security-audit list.

Most likely we'll pick Darren Reed's nsyslogd with heavy modifications.

> > After about 20 minutes of searching, I actually found that there
> > really is the bug matching your description.  It's not fixed with 1.4
> > and I believe was never reported to the proper places despite being
> > fixed in Debian three months ago (with 1.4.1, which I haven't seen
> > announced).  I'll bring this to vendor-sec now.  Thanks.
> 
> Yes, the fixed version is 1.4.1 (not 1.4 like I remembered).
> I noticed the problem about 2 months ago with my laptop, because after every
> suspend/resume (reloading the network driver) klogd ate 100% cpu. After
> searching if others had noticed the same symptoms I found that 1.4.1 has the
> bug fixed.

Well, we don't officially support 2.4 kernels yet, but I'll handle
this as a security bug anyway.  There could be kernel bugs which cause
NUL's to be passed to klogd and they don't need to result in a DoS.

> The 1.4.1 version is available from:
> http://www.ibiblio.org/pub/Linux/system/daemons/
> (I think the klogd cpu bug is mentioned in the changelog).

I've back-ported the fix to 1.3-31 for prerelease-stable already,
testing it now.

-- 
/sd


