|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: local users can panic linux kernel (was: SuSE syslogdadvisory)
Alessandro Rubini (rubini
LINUX.IT)
Fri, 26 Nov 1999 13:48:58 +0100
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Metal Hurlant: "Re: Netscape communicator 4.x Javascript security flaw"
- Previous message: pedwardWEBCOM.COM: "Re: WordPad/riched20.dll buffer overflow"
- In reply to: Gerardo Richarte: "Re: WordPad/riched20.dll buffer overflow"
> <Linux specific>
> I could make that trouble happen while testing by overloading the kernel
> logging facility with a dumb logger ipchains policy looking like [...]
The behaviour you describe only applies to kernel-generated log messages.
This is because kernel messages are put in a circular buffer for later
retrivial by user space (when syslogd gets scheduled for execution).
If the buffer overlaps, you loose one-buffer-worth of data. Use of a
dynamic buffer for kernel messages would not be wise, as it might lead
to an easy DoS attack.
> (BTW, if anyone could tell me how to increase that buffer, I'm still
> interested)
It wouldn't really help, in my opinion: you'll loose data more rarely,
but you'll loose much more data when that happens. Anyways,
change LOG_BUF_LEN in kernel/printk.c.
/alessandro
- Next message: Metal Hurlant: "Re: Netscape communicator 4.x Javascript security flaw"
- Previous message: pedwardWEBCOM.COM: "Re: WordPad/riched20.dll buffer overflow"
- In reply to: Gerardo Richarte: "Re: WordPad/riched20.dll buffer overflow"
This archive was generated by hypermail 2.0b3 on Fri Nov 26 1999 - 11:55:27 CST