On Tue, 12 Mar 2002, CertaintyTech - Ed Henderson wrote:
> > It works for me. I think I'd be looking at syslog. Perhaps your Perl
> > syslog interface?
> >
> > #!/usr/bin/perl -w
> >
> > use strict;
> > use Sys::Syslog qw(:DEFAULT setlogsock);
> >
> > my $log_facility = 'mail';
> > openlog('test_logger','foo,bar',$log_facility);
> > syslog('info',"Test log entry");
> >
> > --
> > Charlie Watts
>
>
> I did some poking aroung on my system and saw that syslogd was running with
> the "-t" switch. I removed the switch and restarted it and it now logs just
> fine. Here is what the Solaris syslogd man page says for "-t":
>
> -t Disable the syslogd UPD port to turn off logging of
> remote messages.
>
> Not sure why this was set but it kept Sys::Syslog from successfully using
> syslogd. Does anyone know about this option and why it should/shouldn't be
> set? Possibly makes syslogd less secure w/o it?
There's an absurdly simple DoS attack against remotely-logging syslog.
You just log like crazy.
Fill up the attackee's disks.
Somebody else mentioned another perl program that looked like it was
perhaps using the /dev/log syslog interface - you might investigate that.
If you don't need remote logging enabled, it's best to disable it.
--
Charlie Watts
[EMAIL PROTECTED]
Frontier Internet, Inc.
http://www.frontier.net/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
