Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 23 May 2001 16:40:13 +0400
From: solar@...nwall.com
To: owl-users@...ts.openwall.com
Subject: Re: sysklogd

On Wed, May 23, 2001 at 03:24:40PM +0300, Jarno Huuskonen wrote:
> On Wed, May 23, solar@...nwall.com wrote:
> > We need to update to 1.4.1 for the newer klogd, but we also need to
> > switch to an alternative syslogd.
> 
> Have you decided which alternative ? If I remeber correctly this was discussed
> on security-audit list.

Most likely we'll pick Darren Reed's nsyslogd with heavy modifications.

> > After about 20 minutes of searching, I actually found that there
> > really is the bug matching your description.  It's not fixed with 1.4
> > and I believe was never reported to the proper places despite being
> > fixed in Debian three months ago (with 1.4.1, which I haven't seen
> > announced).  I'll bring this to vendor-sec now.  Thanks.
> 
> Yes, the fixed version is 1.4.1 (not 1.4 like I remembered)
> I noticed the problem about 2 months ago with my laptop, because after every
> suspend/resume (reloading the network driver) klogd ate 100% cpu. After
> searching if others had noticed the same symptoms I found that 1.4.1 has the
> bug fixed.

Well, we don't officially support 2.4 kernels yet, but I'll handle
this as a security bug anyway.  There could be kernel bugs which cause
NUL's to be passed to klogd and they don't need to result in a DoS.

> The 1.4.1 version is available from:
> http://www.ibiblio.org/pub/Linux/system/daemons/
> (I think the klogd cpu bug is mentioned in the changelog).

I've back-ported the fix to 1.3-31 for prerelease-stable already,
testing it now.

-- 
/sd

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.