OpenBSD Journal

Privsep for syslogd

Contributed by jose on from the split-logging dept.

OpenBSD now has privsep for syslogd, meaning networked syslog connections now have some risk mitigation built in. Check this out in -current if you have the chance and start using it on your syslog servers.



Comments
  1. By willb () on

    This is another great step for OpenBSD. More systems need to be developed assuming mistakes will be made. Priv Sep is a good way to reduce the risks of mistakes. Just like a ship, compartmentalization helps. The OpenBSD team should be commended for working in this direction. There is a lot of pressure to add new functionality, but the team is sticking to security design first. Sure, OpenBSD does not like a 4-way machine, but that only gets hacked faster if things are not done right.

  2. By Anonymous Coward () on

    This sounds like a step forward, let's just clarify.

    Instead of remote root if there is a remote bug in syslogd, the attacker could become a non-root user on the system.

    Why not just vpn all system services and block all ports except for the VPN. That way you're much safer. And then focus all security efforts, code audits on the VPN software.

    Comments
    1. By Anonymous Coward () on

      So one bug in the VPN can make the entire system vulnerable? Make everything compartmentalized, so if it is compromised, you have some protection. Why not systrace everything, rather than VPN it. That'll give you better security (over VPN), while still keeping the single point of failure, that you desire. ;-)

    2. By Anil () avsm@ on

      Instead of remote root if there is a remote bug in syslogd, the attacker could become a non-root user on the system.

      Well, they would become the _syslogd user, but trapped inside a /var/empty chroot with no privilege except that granted by the priv parent (they can open logfiles for appending only, write to terminals, read utmp). If the priv parent smells any dodgy requests coming from the child, it'll kill itself, leaving the child with no privilege at all.

      Why not just vpn all system services and block all ports except for the VPN.

      Err... what?
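
A sketch of the privileged-parent side described in the comment above, added here as an example; it is not part of the original comment and not OpenBSD's syslogd code. The allow-list paths, the function names and the one-path-per-datagram protocol are assumptions, and the unprivileged child (the `_syslogd` user chrooted to /var/empty) is not shown.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Constructed allow-list standing in for the log files named in the config. */
static const char *allowed[] = { "/tmp/privsep-demo-messages", "/tmp/privsep-demo-authlog" };

/* Privileged side: open only a configured path, and only for appending. */
static int priv_open_log(const char *path) {
    for (size_t i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++)
        if (strcmp(path, allowed[i]) == 0)
            return open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
    return -1; /* not configured: a dodgy request */
}

/* Pass an open descriptor to the child over the socketpair (SCM_RIGHTS). */
static int send_fd(int sock, int fd) {
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u = { .buf = { 0 } };
    char byte = 0;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Parent loop on a SOCK_DGRAM socketpair: one requested path per datagram.
 * Returns how many requests were served before the first rejected one. */
static int priv_loop(int sock) {
    char path[256];
    int served = 0;
    for (ssize_t n; (n = recv(sock, path, sizeof(path) - 1, 0)) > 0; served++) {
        path[n] = '\0';
        int fd = priv_open_log(path);
        if (fd == -1)
            break; /* child is no longer trusted: stop serving for good */
        int rc = send_fd(sock, fd);
        close(fd); /* the child holds its own copy once the send succeeded */
        if (rc == -1)
            break;
    }
    close(sock); /* a real parent would exit here, leaving the child no privilege */
    return served;
}
```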

    3. By pogi na si psyg mabait pa () on

      "Why not just vpn all system services and block all ports except for the VPN."

      this is a joke. isn't it? but thanks. you made me laugh :D

      "That way you're much safer."

      more jokes. rotflmao

    4. By Anonymous Coward () on

      This sounds very close to the argument for writing all network services in Java. Single point of failure...

    5. By Henrik Holmboe () on

      How would you build in vpn capabilities (ipsec I presume?) into closed boxed appliances? Many networked systems such as printers, routers etc have the possibility to use a remote syslog server, but it would be cumbersome to vpn-enable them.

  3. By hurm () on

    e.g. make all logs sourcing from a specific remote host go to /var/log/REMOTEHOST instead of the main logs

    syslog-ng does this

    Comments
    1. By Anonymous Coward () on

      Then install syslog-ng. What's the problem?

  4. By Jeffrey () on

    Yes, this is certainly good to have privsep addition. OTOH, don't listen for and accept network input if you don't need it. Granted, OpenBSD is not using the '-u' flag by default; I guess this has the same effect as the '-s' flag in NetBSD's syslogd.

    Yes, looks like the effect is the same on both.

    Anyway, yay for privsep! =)
