not using syslogd in the first place

Jeff Makey Makey at Logicon.COM
Thu Aug 2 10:27:58 AEST 1990


In article <4559:Aug121:33:5590 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>I can flood /dev/log with messages, clogging syslog. That's secure?
>
>If I were a cracker who had just achieved root, I would have to replace
>or restart *one* program to avoid *all* future detection. That's right,
>all security logging goes through *one* hook. There is *no* reliability.
>There is *no* backup. That's secure?

Except when "security through obscurity" actually succeeds, the idea
that a UNIX system can in any way be protected from someone with root
access is completely absurd.  Naturally, any standard method of
exception logging (e.g., stderr, syslog) will be insufficiently
obscure to provide the desired security.

>From a security point of view, there are no redeeming features
whatsoever in logging to a file (via stderr in Dan's implementation)
in the face of root access.  On the other hand, if logging is done to
a remote machine then there is a possibility of at least *detecting* a
break-in (assuming, of course, that the loghost is not compromised).

                           :: Jeff Makey

Department of Tautological Pleonasms and Superfluous Redundancies Department
    Disclaimer: All opinions are strictly those of the author.
    Internet: Makey at Logicon.COM    UUCP: {nosc,ucsd}!logicon.com!Makey



More information about the Comp.unix.wizards mailing list