On Sun, Feb 11, 2001 at 07:38:57PM +0100, wojtek@wojtek.from.pl wrote:
> > On Sun, Feb 11, 2001 at 11:09:22AM +0100, wojtek@wojtek.from.pl wrote:
> > > why it have 666 permissions - it allows everybody to log anything and with
> > > -t option it could look like anything else (for eg. kernel messages)
> > 
> > How else do you allow arbitrary programs that don't run as root to log to
> > syslog unless it's world writable?  Creating a special `syslog' group and
> > putting all the appropriate users in seems tedious to me.
> i was doing this on linux and i'm suprised the same on netbsd is possible,
> > 
> > If you check usr.sbin/syslogd/syslogd.c::printline(), you'll see:
> > 	/* don't allow users to log kernel messages */
> > 	if (LOG_FAC(pri) == LOG_KERN)
> > 		pri = LOG_MAKEPRI(LOG_USER, LOG_PRI(pri));
> what about:
> 
> a) logger -t su "wojtek to root on /dev/ttyp7"
> add -p to select the same logfile that normal su does (i have 1 logfile
> for everything)
> 
> b) while true;do echo zzzzzzzzzzzzzzzzzzzzzzzzzzzzz|logger ;done
> 
> and pollute logfiles

So create yourself a syslog group, change the permissions on /var/log,
and put all the appropriate users (root, www, named, uucp, ...) into the 
group.

As I said, tedious work, and doesn't necessarily solve the problem. If a
local user wants to cause a denial of service against your machine
there are *many* ways in which they can do it.

This doesn't mean that other enhancements to the syslog mechanism
can't be added, such as:
	* using (kernel) authenticated credentials over the socket
	  so that you can get the userid of the syslogger and putting
	  that in your logs