/etc/security/audit_warn -- where to log to by default?
fergus
fergus at cobbled.net
Wed Jan 26 10:55:14 GMT 2005
On 25.01-09:34, Ilmar S. Habibulin wrote:
[ ... ]
> What can we do with syslogd? Give it permission to
> change its' own label. Set the label of /var/run/log to "*/equal". So
> everybody can write to the log. Now syslog reads data and decides which
> log it must be stored to. Then it changes own label to be equal to the
> appropriate log and writes to it.
this would be very insecure. the privilage your talking about
(arbitary label switching) would basically give the box away.
--
: fergus cameron : [ .] cobbled :
: ^^^^^^@cobbled.net : [ ~][ ] .net :
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list