[Extension] utmpx and LOGIN_FAILURE

Julian Elischer julian at elischer.org
Sun May 2 04:55:16 UTC 2010


On 5/1/10 8:50 PM, M. Warner Losh wrote:
> In message:<20100501235846.GU56080 at hoeg.nl>
>              Ed Schouten<ed at 80386.nl>  writes:
> : * Peter Jeremy<peterjeremy at acm.org>  wrote:
> :>  On 2010-May-01 22:32:44 +0200, Ed Schouten<ed at 80386.nl>  wrote:
> :>  >* Alexander Leidinger<Alexander at Leidinger.net>  wrote:
> :>  >>  Does this default to on or off or is this always on? If the latter: some
> :>  >>  kind of a switch (no matter what the default is) would be highly
> :>  >>  desired.
> :>  >
> :>  >What about adding a switch to last(1) to (un)hide the entries?
> :>
> :>  That doesn't cover the DoS potential of logging this data in the
> :>  first place.
> :
> : So how is this covered right now? As far as I know, all of our existing
> : login services write messages to /var/log/*.

Successful and unsuccessful attempts need to be in different files or 
an attacker can effectively flush the record of successful attempts by 
filling up the files with unsuccessful attempts. This is also a DoS 
method.

>
> newsyslog rotates those files when they get too big...
>
> Warner
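The concern raised in the reply above about mixing successful and failed logins in one rotated file, as an added example that is not part of the original thread: a small Python model of a size-capped log with a fixed number of archives. The 100-entry cap, the 3 kept archives, and the user names and addresses are constructed assumptions, not newsyslog's actual settings.

```python
from collections import deque


class RotatedLog:
    """Toy model of size-based rotation: when the live file is full it becomes
    an archive, and only the newest `keep` archives are retained."""

    def __init__(self, max_entries=100, keep=3):
        self.max_entries = max_entries
        self.live = []
        self.archives = deque(maxlen=keep)  # oldest archive is discarded

    def append(self, record):
        if len(self.live) >= self.max_entries:
            self.archives.append(self.live)
            self.live = []
        self.live.append(record)

    def records(self):
        for chunk in self.archives:
            yield from chunk
        yield from self.live


def replay(events, split):
    """Write events to one shared log, or to separate success/failure logs,
    and return the successful logins still present afterwards."""
    ok_log = RotatedLog()
    fail_log = RotatedLog() if split else ok_log
    for ev in events:
        (ok_log if ev[0] == "ok" else fail_log).append(ev)
    return [ev for ev in ok_log.records() if ev[0] == "ok"]


# Constructed sample: one successful login, then a burst of failed attempts.
EVENTS = [("ok", "alice", "192.0.2.10")] + [("fail", "root", "198.51.100.7")] * 1000


def surviving_successes(split):
    return replay(EVENTS, split)


if __name__ == "__main__":
    print("shared file:   ", surviving_successes(split=False))
    print("separate files:", surviving_successes(split=True))
```

With a shared file the single success record is rotated out by the failures; with separate files it is retained, and the failure log still stays bounded by its own rotation limits.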