On Sunday 03 June 2007 19:01:21 Nix wrote:
> On 1 Jun 2007, Jens Axboe told this:
> > I think Anand is assuming that because syslog may coalesce identical
> > messages into "repeated foo times" in the messages file, that it's not a
> > dos. That is of course wrong.
>
> Not all syslog daemons do that, anyway. (syslog-ng doesn't, for one.)
That syslog-ng doesn't coalesce repeated messages into a single line doesn't
make a difference. The printk_ratelimit stuff is supposed to make it very
hard to DOS a system by flooding syslog, but that doesn't mean its
impossible.
The point of this discussion was that having a part of the kernel log a
message about a fork-bomb was a very large whole that could be used to DOS a
system by flooding the syslog. (In fact, IIRC, the printk_ratelimit (and
somebody, please correct me if I'm wrong) stuff uses a ring buffer and
seriously spamming syslog, like the patch that spawned this thread would have
done, could cause you to lose potentially important messages)
DRH
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
