Subject: Re: AGAIN: syslogd stopped, what must I do?
To: None <xs@kittenz.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 06/08/2002 15:11:52
[ On Friday, June 7, 2002 at 19:30:25 (+0100), xs@kittenz.org wrote: ]
> Subject: Re: AGAIN: syslogd stopped, what must I do?
>
> > /dev/console should probably not be used by syslogd in any case where it
> > can get XOFF'ed like that.....
> 
> What about notification to users? I think that opens the tty, so I suppose
> would be restricted in the same way.

Yes, the same applies (since syslogd directly reads the UTMP file and
then directly opens, writes to, and closes each tty the selected users
are logged in on).

However, since the default notification level for users is higher than
that for /dev/console (and "root" is never supposed to be logged in
anywhere, except maybe _during_ an emergency on /dev/console) and thus
less "noisy", the likelihood of this being a major problem is much lower
(though certainly not low enough to avoid the possibility of a denial of
service attack against syslogd by a malicious local user).

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
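
An added example, not part of the original message and not syslogd's own code: one way a logging daemon can keep a stalled receiver (such as an XOFF'ed tty) from blocking it is to write in non-blocking mode and drop the message on EAGAIN. The helper names are hypothetical, and a pipe filled to capacity is used as a constructed stand-in for the flow-controlled terminal.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum deliver_result { DELIVERED = 0, DROPPED_WOULD_BLOCK = 1, FAILED = -1 };

/* Hypothetical helper (not syslogd's code): write msg to fd without ever
 * sleeping in write(2). A daemon opening a tty itself would instead pass
 * O_NONBLOCK to open(2), since the open can block too. */
enum deliver_result deliver_nonblocking(int fd, const char *msg, size_t len)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
        return FAILED;
    while (len > 0) {
        ssize_t n = write(fd, msg, len);
        if (n > 0) { msg += n; len -= (size_t)n; continue; }
        if (n == -1 && errno == EINTR) continue;
        if (n == -1 && (errno == EAGAIN || errno == EWOULDBLOCK))
            return DROPPED_WOULD_BLOCK; /* receiver stalled: drop, keep logging */
        return FAILED;
    }
    return DELIVERED;
}

/* Constructed stand-in for a flow-controlled tty: a pipe filled to capacity,
 * left in blocking mode so a plain write(2) on it would hang. */
int make_stalled_fd(int *read_end)
{
    int p[2];
    char junk[4096];
    if (pipe(p) == -1) return -1;
    memset(junk, 'x', sizeof junk);
    int flags = fcntl(p[1], F_GETFL);
    fcntl(p[1], F_SETFL, flags | O_NONBLOCK);
    while (write(p[1], junk, sizeof junk) > 0) ;  /* fill in pages ... */
    while (write(p[1], junk, 1) > 0) ;            /* ... then to the last byte */
    fcntl(p[1], F_SETFL, flags);                  /* back to blocking mode */
    *read_end = p[0];
    return p[1];
}

int main(void)
{
    int rd, fd = make_stalled_fd(&rd);
    if (fd < 0) return 1;
    printf("stalled receiver: %d\n", deliver_nonblocking(fd, "test\n", 5));
    return 0;
}
```

The trade-off is that a message to a stalled receiver is lost (or partly written) rather than queued, which is the price of keeping the daemon responsive for every other log destination.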