In trying to configre the /etc/syslog.auth file for remote logging of many
terminal servers and routers, I have encountered what appears to be an
input buffer problem in syslogd.
There is apparently no security problem involved - just a classic case
of a daemon trying to startup, dumping core and quitting with no
indication that it has any problems, except the core file in /.
Basically, with an auth file somewhere between 23 lines of 439 characters
and 24 lines of 452 characters (awfuly close to 512), "syslog -d" barfs,
indicating that it has garbaged part of the file...
hostname=xx12.upenn.edu$$
hostname=.upenn.edu$$
du$$
u$$
du$$
hosts = 24
LE: /var/adm/messages
ex/loxx1.upenn.edu$$
hostname=penn.edu$$
du$$
logmsg: pri 56, flags 4, from noc3, msg syslogd: restart
Memory fault(coredump)
The last few lines of the auth file are:
xx12.upenn.edu
xx13.upenn.edu
xx1.upenn.edu
So it's not barfing on the absolute end of the input file.
I've got a call logged with support, which is "researching" the issue now.
It's easily reproduceable, so I suspect it will wind up being patched.
However, from our point of view more general controls as offered in tcp
wrappers would make life much easier and be appreciated.
(The fact that you have to match the case of the reverse-lookup is also
a pain.)
T.T.F.N.
William H. Magill Senior Systems Administrator
Information Services and Computing (ISC) University of Pennsylvania
Internet: magill_at_isc.upenn.edu magill_at_acm.org
magill_at_upenn.edu
http://pobox.upenn.edu/~magill/
Received on Wed Jul 01 1998 - 17:34:14 NZST