On 03/02/2016 10:19 AM, Carlos E. R. wrote:
> On 2016-03-02 15:58, Anton Aylward wrote:
>> Hmm: if syslog could send to the ring buffer that would be an attack surface; a rogue/hijacked network device could send syslog messages with buffer overflow to the kernel of a host. If that were possible we have a very serious structural flaw!
>
> logger -p kern.info -t test "test message"
>
> (not exactly what it would seem, though)
>
> :-)

Hmm? It sends to the syslog daemon, not to the kernel. The "-p" just makes it appear to come /from/ the kernel.

Now if you had an elaborated already subverted machine where there was a socket that gave access to the kernel, then you could send syslog messages into it, but if the machine was already corrupted to set up such a 'service' in the first place this is cake dressing.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
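
Added example, not part of the thread: the facility a syslog message carries is a number the sender writes into the leading `<PRI>` field (facility * 8 + severity, per RFC 3164/5424), so a collector can decode it and flag "kern" claims that did not arrive on its own kernel-log input. The source labels (`kmsg`, `/dev/log`, `udp:...`) and the sample datagrams are constructed assumptions for illustration.

```python
import re

# Facility and severity names in numeric order (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity) from the leading <PRI>, or None if malformed."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest valid value
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def review(datagram: bytes, source: str) -> str:
    """Classify one received message.

    `source` is a hypothetical label for the input it arrived on:
    "kmsg" for the daemon's own read of the kernel log, anything else
    for a local socket or a network peer.
    """
    decoded = decode_pri(datagram)
    if decoded is None:
        return "malformed"
    facility, _severity = decoded
    if facility == "kern" and source != "kmsg":
        return "suspicious: kern facility claimed by non-kernel source"
    return "ok"


# Constructed sample input: (datagram, input it arrived on).
SAMPLES = [
    (b"<6>Mar  2 16:01:00 host test: test message", "udp:192.0.2.10"),
    (b"<14>Mar  2 16:01:01 host test: test message", "/dev/log"),
    (b"<6>kernel: usb 1-1: new high-speed USB device", "kmsg"),
    (b"<999>not a valid priority", "udp:192.0.2.10"),
]

if __name__ == "__main__":
    for datagram, source in SAMPLES:
        print(source, decode_pri(datagram), review(datagram, source))
```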