In some mail from Colin Percival, sie said: > At 20:53 04/06/2004, Crist J. Clark wrote: > >We haven't had many syslogd(8) vulnerabilities lately, but one > >less daemon running as root seems like a Good Thing. I do not > >see any drawbacks from a security point of view. The log files > >would have to be owned, or otherwise writeable, by this other > >user, but so what. Obviously, I may be missing something. > > One consideration is that if syslogd is not running as root, > it will no longer be able to write to a filesystem which is > already "full". > On systems where non-root users can write to the filesystem > containing /var/log (and are not limited by quotas) this would > allow non-root users to disable logging, which would probably > be a Bad Thing. One way or another, you can generally exploit a DoS attack against syslogd with disk space. Well at least with current sources, anyway. Lets pretend that /var/log is its own filesystem, isolated from a full /var/tmp. The attack is then to just spam syslogd with lots of data such that it fills /var/log. Granted this is harder but not impossible. How do you defend against that? Add code to rate limit messages from a given source to a max of x kb/s ? As an "out there" suggestion, you might increase the % for root only to be greater than 10% on a /var/log so you can always run newsyslog successfully. Darren _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"