bug-inetutils

Re: syslogd security ?


From: Alain Magloire
Subject: Re: syslogd security ?
Date: Fri, 24 Nov 2000 15:24:45 -0500 (EST)

> 
> On Thu, Nov 23, 2000 at 11:58:36PM -0500, Alain Magloire wrote:
> > Good news, cast is off ... ye !!! A few physio workout and I'm
> > back rocking.
> 
> Great!

8-)
You do not have to tell me !!! ;-)
I feel like I could code my way to the moon !!!
...
But let's take it easy for now.

> > In any case excerpt from a syslogd messages:
> > 
> > ---------------syslogd /var/log/messages ---------------------------
> > Nov 20 15:08:12 reliant
> > Nov 20 15:08:12 reliant syslogd: Cannot glue message parts together
> > Nov 20 15:08:12 reliant 173>Nov 20 15:08:12 rpc.statd[504]: gethostbyname 
> > error
> 
> That's an old exploit of rpc.statd in the nfs package. Debian has an
> announcement from Jul 2000 here:
> http://www.debian.org/security/2000/20000719a
> 
> This has nothing to do with syslogd in particular. It's just that the full
> blurb of non-printable is too long to fit in the message buffer, and thus
> truncated. Note that our version of syslogd doesn't support multiple message
> parts, and will truncate even earlier.
> 
> I wouldn't hold my hand in fire for my analysis, but I think it is correct.

Ha Ok, thanks for the heads up.  But this is a clear message to us
that before a release, we should double check, reaudit, test etc ...
the code again and again ...  Most of the code in the release will be
run as root.   I'll shortly resume work on inetutils, once I got through
the gazillion of emails waiting for me from the last 3 months.
I'm not sure if we're going to be ready in time for a release this year
but we'll try.

> Thanks,
> Marus

alain



