sysklogd security patch
dagmar.wants at nospam.com
Sat Jul 19 12:21:06 PDT 2003
On Sat, 2003-07-19 at 11:17, Archaic wrote:
> On Sat, Jul 19, 2003 at 02:04:28PM +0100, Matthew Burgess wrote:
> > Just seen this posted at
> > http://www.infodrom.org/projects/sysklogd/download/patches/. It
> > enables sysklogd to be run as an unprivileged user by giving it a -u
> > <username> parameter. Not sure whether this is useful for LFS or not, just
> > thought I'd raise awareness of it.
> Perhaps this should be posted to lfs-security as well, since the book
> itself usually doesn't deal with security configuration.
(CCing to lfs-security)
This has been in my lil' list o' hardening procedures for a while now, so
I've got a reasonable level of faith in the patch--although admins
should read the new version of the man page very carefully because
there's a few gotchas that can getcha, so to speak.
There _have_ been format string exploits to syslogd in the past, so this
is a pretty decent improvement for what little extra work it entails.
(I'm _very_ big on the use of non-root role ids for anything users can
put their filthy little fingers on and push.)
The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact info: AIM: evilDagmar Jabber: evilDagmar at jabber.org