On 06/06/16 16:48, Wei Liu wrote:
>> A distro which isn't equipped to deal with these things is of no
>> practical use in the real world.
>>
>> Any distro we care about supporting is equipped to deal with logs.
>>
>>>
>>> I agree that if logging using existing logging systems were workable,
>>> that would be a better solution.  Wei did actually spend a decent chunk
>>> of time looking at other options, including logrotate and journald
>>> before settling on using xenconsoled.
>>>
>>> A lot of this brainstorming and discussion happened off-list because
>>> XSA-180 was still embargoed, so I can understand why it looks like this
>>> came out of nowhere.  It would probably be good for Wei to report here
>>> what he found and why he decided to propose this solution instead.
>>
>> Please do.  Until there is an understanding of why the standard
>> mechanisms are not suitable, it is premature and naive to re-invent a wheel.
>>
> 
> With syslog and logrotate you will still end up filling up your disk.
> Logrotate can't actively rotate log files.

FWIW CentOS 6 and 7 (which use rsyslogd and systemd-journald
respectively) seem to have rate-limiting stuff enabled by default; the
attached program causes a lot of CPU utilization, but no disk resource
exhaustion.

> You can't just tap syslog to QEMU at the moment unless you use the
> script I sent to XSA-180 security@ discussion. That's still a hacked up
> solution.
> 
> I actually don't mind having syslog deal with those, but we need to
> provide some not-so-hacked-up way for doing it.

On Linux, it looks like you can create a socket and "connect" to /dev/log.

 -George

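#include <stdio.h>
#include <syslog.h>
#include <time.h>

/* Flood the local syslog daemon to check whether its rate limiting
 * prevents disk exhaustion. */
int main(int argc, char * argv[]) {
    int rc;

    /* 5000 ns between messages */
    struct timespec tv = { .tv_nsec = 5000 };

    openlog("DoS Attempt", 0, LOG_DAEMON);

    /* nanosleep() returns 0 on success; loop until it fails */
    while(!(rc = nanosleep(&tv, NULL))) {
        syslog(LOG_ERR, "This is a nasty attempt to DoS syslog\n");
    }

    if(rc) {
        perror("nanosleep");
    }

    return 0;
}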
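
The remark above that on Linux a program can create a socket and connect to /dev/log, as an added example that is not part of the original message or of any Xen patch. The function names and the "qemu-log-demo" tag are hypothetical; it assumes the daemon listens on a datagram socket and accepts a record without a timestamp, in which case the daemon's own rate limiting applies to what is sent.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Connect a datagram socket to a syslog socket (normally "/dev/log").
 * Returns the fd, or -1 on error. */
int syslog_sock_connect(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd;

    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;
    strcpy(sa.sun_path, path);
    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Send one record as "<PRI>tag[pid]: msg" (timestamp left to the daemon,
 * an assumption). PRI is facility|severity: LOG_DAEMON|LOG_ERR is 27. */
int syslog_sock_send(int fd, int pri, const char *tag, const char *msg)
{
    char buf[1024];
    int n = snprintf(buf, sizeof(buf), "<%d>%s[%ld]: %s",
                     pri, tag, (long)getpid(), msg);
    if (n < 0)
        return -1;
    if ((size_t)n >= sizeof(buf))
        n = sizeof(buf) - 1;    /* truncated: send what fits */
    return send(fd, buf, n, 0) == n ? 0 : -1;
}

int main(void)
{
    int fd = syslog_sock_connect("/dev/log");
    if (fd < 0) {
        perror("/dev/log");
        return 1;
    }
    syslog_sock_send(fd, LOG_DAEMON | LOG_ERR, "qemu-log-demo", "constructed test line");
    close(fd);
    return 0;
}
```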