From mboxrd@z Thu Jan 1 00:00:00 1970 From: George Dunlap Subject: Re: XSA-180 follow-up: repurpose xenconsoled for logging Date: Tue, 7 Jun 2016 10:57:14 +0100 Message-ID: <57569A7A.9090703@citrix.com> References: <20160601140014.GH5160@citrix.com> <5751C09F.6030706@citrix.com> <57554C87.3040001@citrix.com> <575574B1.60602@citrix.com> <20160606154838.GK14588@citrix.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------010500020908090703070608" Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bADm9-0000qN-TX for xen-devel@lists.xenproject.org; Tue, 07 Jun 2016 09:58:22 +0000 In-Reply-To: <20160606154838.GK14588@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: Wei Liu , Andrew Cooper Cc: George Dunlap , Xen-devel , Ian Jackson List-Id: xen-devel@lists.xenproject.org --------------010500020908090703070608 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 8bit On 06/06/16 16:48, Wei Liu wrote: >> A distro which isn't equipped to deal with these things is of no >> practical use in the real world. >> >> Any distro we care about supporting is equipped to deal with logs. >> >>> >>> I agree that if logging using existing logging systems were workable, >>> that would be a better solution. Wei did actually spend a decent chunk >>> of time looking at other options, including logrotate and journald >>> before settling on using xenconsoled. >>> >>> A lot of this brainstorming and discussion happened off-list because >>> XSA-180 was still embargoed, so I can understand why it looks like this >>> came out of nowhere. It would probably be good for Wei to report here >>> what he found and why he decided to propose this solution instead. >> >> Please do. Until there is an understanding of why the standard >> mechanisms are not suitable, it is premature and naive to re-invent a wheel. >> > > With syslog and logrotate you will still end up filling up your disk. > Logrotate can't actively rotate log files. FWIW CentOS 6 and 7 (which use rsyslogd and systemd-journald respectively) seem to have rate-limiting stuff enabled by default; the attached program causes a lot of CPU utilization, but no disk resource exhaustion. > You can't just tap syslog to QEMU at the moment unless you use the > script I sent to XSA-180 security@ discussion. That's still a hacked up > solution. > > I actually don't mind having syslog deal with those, but we need to > provide some not-so-hacked-up way for doing it. On Linux, it looks like you can create a socket and "connect" to /dev/log. -George --------------010500020908090703070608 Content-Type: text/x-csrc; name="syslog-flood.c" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="syslog-flood.c" #include #include int main(int argc, char * argv[]) { int rc; =20 struct timespec tv =3D { .tv_nsec =3D 5000 }; =20 openlog("DoS Attempt", 0, LOG_DAEMON); while(!(rc =3D nanosleep(&tv, NULL))) { syslog(LOG_ERR, "This is a nasty attempt to DoS syslog\n"); } if(rc) { perror("nanosleep"); } } --------------010500020908090703070608 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMueGVuLm9y Zy94ZW4tZGV2ZWwK --------------010500020908090703070608--