Responses to syslogd killing

lb (lb@POSH.INEXWORKS.NET)
Tue, 21 Oct 1997 14:45:01 -0400

I got a lot of responses about the syslogd killing, which mostly
affirmed my belief that the bug had been noticed before. Sun seems to
have attributed the bug to "LOCAL" facility syslog traffic loads causing
syslogd to die. I've tried using LOG_AUTH and most of the syslog
facilities and they all seem to cause syslogd to crash. There was a
patch released by Sun to solve the "LOCAL" problem, but it doesn't seem
to be publicly available so I can't test it.

Also, a lot of people are under the impression that this has nothing
to do with DNS. I tried it many times to make sure, because it seemed
exploitable to me.. I would watch the syslog message come in, watch
the DNS query go out, and then watch syslogd die. If I inserted a DNS
entry for the IP in question, syslogd would query and work fine.. if I
removed the DNS entry again, syslogd would crash. Perhaps you're right..
but I'll stick to my assumption. hoho.

If anyone knows where I could get that patch, and it's publicly
available.. then please let me know.. If anything, this should be included
in the Solaris 2.5.1 and 2.5 Recommended patch set..

lb@inext.net