From: Larry Kessler <kessler@us.ibm.com>
To: Dominik Kubla <kubla@sciobyte.de>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH-RFC] POSIX Event Logging, kernel 2.5.6 & 2.4.18
Date: Tue, 12 Mar 2002 15:02:42 -0800 [thread overview]
Message-ID: <3C8E8912.64435C1E@us.ibm.com> (raw)
In-Reply-To: <3C8E7E08.C3CF4227@us.ibm.com> <20020312224101.GB12952@duron.intern.kubla.de>
Dominik Kubla wrote:
>
> On Tue, Mar 12, 2002 at 02:15:36PM -0800, Larry Kessler wrote:
> > 2) If the buffer overruns the oldest events are kept, newest
> > discarded, and a count of discarded events is reported.
>
> Hmm. That sounds like a possible security problem to me: simply generate a
> bunch of harmless messages to fill the buffer and then one can do the nasty
> stuff...
I assume that you mean do the nasty stuff but never have anything in
your
event log indicating that it happened. Good point, but if the buffer is
sized appropriately for the incoming volume of events and the logging
daemon
is reading the events out of the kernel buffer (as should normally be
the case),
then you would see the events.
The reasoning behind this approach is to increase the liklihood that
events
indicating "root cause" would be logged and not over-written by a flood
of
secondary events. Keep in mind that only events originating in the
kernel (or
kernel module) are stored in this buffer.
next prev parent reply other threads:[~2002-03-12 23:03 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-03-12 22:15 [PATCH-RFC] POSIX Event Logging, kernel 2.5.6 & 2.4.18 Larry Kessler
2002-03-12 22:41 ` Dominik Kubla
2002-03-12 23:02 ` Larry Kessler [this message]
2002-03-13 1:10 ` Bernd Eckenfels
2002-03-13 0:33 ` Bernd Eckenfels
-- strict thread matches above, loose matches on Subject: below --
2002-03-14 1:07 Larry Kessler
2002-03-14 2:32 ` Bernd Eckenfels
2002-03-14 19:45 ` Brian Beattie
2002-03-15 1:10 ` Larry Kessler
2002-03-15 1:17 Larry Kessler
2002-03-15 17:57 Larry Kessler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3C8E8912.64435C1E@us.ibm.com \
--to=kessler@us.ibm.com \
--cc=kubla@sciobyte.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox