Re: Possible syslogd DoS ?
From: VeNoMouS (email@example.com)
Message-ID: <firstname.lastname@example.org>
From: "VeNoMouS" <email@example.com>
To: "Petr Baudis" <firstname.lastname@example.org>, <email@example.com>
Subject: Re: Possible syslogd DoS ?
Date: Thu, 4 Oct 2001 22:05:00 +1200
On my last post, I failed to realise that the code was actually code dumping
----- Original Message -----
From: Petr Baudis <firstname.lastname@example.org>
Sent: Thursday, October 04, 2001 6:09 AM
Subject: Possible syslogd DoS ?
> I just recently came on a thought (thanks to Marek Jaros) of possible
> DoS of syslogd. It uses /dev/log for receiving log messages, which has
> mode 0666 on most linuxes. It should be ok, as many non-root applications
> should be allowed to log things etc.
> But imagine that you will send a lot of very long messages there,
> every time in order not to get stripped into kinda 'message repeated x
> In this way, you can imho flood syslogd successfully, possibly filling
> partition where /var/log resides, regardless of your quota settings on
> the machine!
> Then, if /var/log is not on separate partition, the whole system can get
> into serious problems, and especially, further events won't be obviously
> logged, so you can do evil things there happily and nobody will know about
> Discussion? Something I didn't take into account? Possible solutions?
> Petr "Pasky" Baudis
> n = ((n >> 1) & 0x55555555) | ((n << 1) & 0xaaaaaaaa);
> n = ((n >> 2) & 0x33333333) | ((n << 2) & 0xcccccccc);
> n = ((n >> 4) & 0x0f0f0f0f) | ((n << 4) & 0xf0f0f0f0);
> n = ((n >> 8) & 0x00ff00ff) | ((n << 8) & 0xff00ff00);
> n = ((n >> 16) & 0x0000ffff) | ((n << 16) & 0xffff0000);
> -- C code which reverses the bits in a word.
> My public PGP key is on: http://pasky.ji.cz/~pasky/pubkey.txt
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GCS d- s++:++ a--- C+++ UL++++$ P+ L+++ E--- W+ N !o K- w-- !O M-
> !V PS+ !PE Y+ PGP+>++ t+ 5 X(+) R++ tv- b+ DI(+) D+ G e-> h! r% y?
> ------END GEEK CODE BLOCK------
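
One mitigation for the flood described in the quoted message is for the log daemon to cap how many messages it accepts from each sender per time window, since the files are written by the daemon and the sender's disk quota never applies. The following is an added example, not code from this thread or from any syslogd. All names and limit values are hypothetical, and it assumes the daemon can learn each message's sender uid (on Linux, for instance, through SCM_CREDENTIALS on the /dev/log socket).

```c
#include <stddef.h>
#include <sys/types.h>
#include <time.h>

/* Added example: every name here (rl_*, RL_*) is hypothetical. */
#define RL_SLOTS    64    /* senders tracked at once */
#define RL_INTERVAL 5     /* window length in seconds (assumed value) */
#define RL_BURST    200   /* messages accepted per sender per window (assumed value) */

struct rl_entry {
    int      used;
    uid_t    uid;             /* sender uid, assumed to come from socket credentials */
    time_t   start;           /* start of the current window */
    unsigned count, dropped;  /* accepted / refused in this window */
};
static struct rl_entry rl_table[RL_SLOTS];   /* zero-initialised */

/* Find the sender's slot by linear probing, claiming a free one if needed. */
static struct rl_entry *rl_find(uid_t uid)
{
    size_t start = (size_t)uid % RL_SLOTS;
    for (size_t i = 0; i < RL_SLOTS; i++) {
        struct rl_entry *e = &rl_table[(start + i) % RL_SLOTS];
        if (!e->used) { e->used = 1; e->uid = uid; }
        if (e->uid == uid)
            return e;
    }
    return &rl_table[start];  /* table full: share a slot, never exempt a sender */
}

/* Return 1 if the message may be written to the log file, 0 to drop it. */
int rl_allow(uid_t uid, time_t now)
{
    struct rl_entry *e = rl_find(uid);
    if (now - e->start >= RL_INTERVAL) {     /* window expired: start a new one */
        e->start = now;
        e->count = e->dropped = 0;
    }
    if (e->count >= RL_BURST) {
        e->dropped++;   /* a daemon would emit one "N messages dropped" summary */
        return 0;
    }
    e->count++;
    return 1;
}

unsigned rl_dropped(uid_t uid) { return rl_find(uid)->dropped; }
```

Keying the limit on the sender rather than on the socket as a whole keeps one noisy account from silencing everyone else's log entries.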