On Fri, Jan 03, 2003 at 05:03:03AM -0500, Noam Meltzer wrote:
> I won't expect Sun to change their native syslogd. Their syslogd is working well in its native environment, and its "harmonic" with other native syslogd is very good. For me it doesn't seem like a bug. Just another mechanism.

It is not Solaris's syslogd that has the bug. It's ctld which sends bogus data in its messages.

> Solaris' syslogd recognizes the hostname by doing reverse-resolution for each packet. And I don't think it's such a bad idea. The current mechanism of syslog-ng is trying to run some regexp on the data string (if I understood you correctly). I believe that the Solaris mechanism is more secure because that way you know for sure that the originating IP is who it claims to be. (Yes, you can always hijack (hope I spelled this correctly) an IP in the network, but I guess that in that case you have other trouble.) In syslog-ng's mechanism, someone can inject fake logs. (I don't know what good it can give an attacker... but I'm sure that some criminal mind can find what to do with this.)

In keep_hostname(no) state, syslog-ng does not trust the host name in any way. But this interacts badly with ctld.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
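
A simplified model of the two behaviours discussed in this thread, added here as an example; it is not code from syslog-ng, Solaris syslogd or either poster. It parses a BSD-style syslog header and chooses which host name to record; the function names, the `keep_hostname` flag semantics as modelled, the injected `resolve` callable and the sample datagrams are assumptions constructed for illustration.

```python
import re

# BSD-syslog shape: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
_BSD = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.S,
)

def parse_header(datagram: bytes):
    """Return (claimed_host, message); claimed_host is None if no header parses."""
    text = datagram.decode("utf-8", "replace")
    m = _BSD.match(text)
    if m is None:
        return None, text
    return m.group("host"), m.group("msg")

def recorded_host(datagram, peer_ip, keep_hostname, resolve):
    """Choose the host name to store for one datagram.

    keep_hostname=False: ignore the name inside the message and use the name
    derived from the packet's source address (reverse lookup, else the IP).
    keep_hostname=True: trust the name in the message when one parses.
    Returns (host, message, mismatch); mismatch marks a header name that
    differs from the source-derived name (exact, case-insensitive compare;
    short versus fully qualified names would need normalising first).
    """
    claimed, msg = parse_header(datagram)
    peer_name = resolve(peer_ip) or peer_ip
    host = claimed if (keep_hostname and claimed is not None) else peer_name
    mismatch = claimed is not None and claimed.lower() != peer_name.lower()
    return host, msg, mismatch

# Constructed reverse-lookup table so the example runs offline; a live
# receiver would wrap socket.gethostbyaddr() instead.
CONSTRUCTED_PTR = {"192.0.2.50": "lab7.example.net"}

# Constructed datagram: the sender at 192.0.2.50 claims to be fw01.
SPOOFED = b"<13>Jan  3 05:03:03 fw01.example.net sshd[411]: session opened"
# Constructed datagram with no timestamp/host header at all.
HEADERLESS = b"<13>link state changed"

if __name__ == "__main__":
    for keep in (False, True):
        print(keep, recorded_host(SPOOFED, "192.0.2.50", keep, CONSTRUCTED_PTR.get))
    print(recorded_host(HEADERLESS, "192.0.2.99", False, CONSTRUCTED_PTR.get))
```

The `mismatch` flag is the useful signal for a receiver that has to keep header names: it can store the claimed name while still logging that the source address disagreed.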