syslogd(8) Dropping Privs - Colin Percival - org.freebsd.freebsd-security

6 messages in org.freebsd.freebsd-securitysyslogd(8) Dropping Privs

From	Sent On	Attachments
Crist J. Clark	Jun 4, 2004 12:54 pm
Neo-Vortex	Jun 4, 2004 3:49 pm
Colin Percival	Jun 4, 2004 3:58 pm
Darren Reed	Jun 5, 2004 1:19 am
Darren Reed	Jun 5, 2004 1:22 am
Crist J. Clark	Jun 14, 2004 10:42 am

Subject:	syslogd(8) Dropping Privs
From:	Colin Percival (coli...@wadham.ox.ac.uk)
Date:	Jun 4, 2004 3:58:03 pm
List:	org.freebsd.freebsd-security

At 20:53 04/06/2004, Crist J. Clark wrote:

We haven't had many syslogd(8) vulnerabilities lately, but one less daemon running as root seems like a Good Thing. I do not see any drawbacks from a security point of view. The log files would have to be owned, or otherwise writeable, by this other user, but so what. Obviously, I may be missing something.

One consideration is that if syslogd is not running as root, it will no longer be able to write to a filesystem which is already "full". On systems where non-root users can write to the filesystem containing /var/log (and are not limited by quotas) this would allow non-root users to disable logging, which would probably be a Bad Thing.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets