Ubuntu
dsyslog package

syslog allows frequent entries in logs

Bug #471320 reported by chris_c
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
dsyslog (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: dsyslog

I have several GIGS of data in my logs thanks to a badly written deamon.
>10GB last time I purged them....

Filling the disk completely by flooding logs there could be a potential for loss of service or even an exploit

I will not upload the several GIGS of data but rather here is an extract

NB although the deamon is at fault, syslog should NOT be allowing GIGS of data to be dumped to
logs in a very short time

Nov 2 16:57:23 xxxxx pulseaudio[2903]: socket-server.c: accept(): Too many open files
Nov 2 16:57:23 xxxxx pulseaudio[2903]: socket-server.c: accept(): Too many open files
Nov 2 16:57:23 xxxxx pulseaudio[2903]: socket-server.c: accept(): Too many open files
Nov 2 16:57:23 xxxxx pulseaudio[2903]: socket-server.c: accept(): Too many open files

pulseaudio intermittently dumps too many file errors at numerous points not just socket-server.c HOWEVER

I reiterate this is NOT about the numerous pulseaudio bugs, this bug is filed about a potential security
risk with ubuntu system logging

Revision history for this message
chris_c (c-camacho) wrote :

hmmm title should read
syslog allows *too* frequent entries in logs

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

security vulnerability: yes → no
visibility: private → public
Revision history for this message
chris_c (c-camacho) wrote :

By completely filling the hard drive it is possible to cause denial of service

as this bug can cause a denial of service it *is* a security vulnerability.

Revision history for this message
JayK (jakres) wrote :

Isn't this rather a bug that should be reported for the pulseaudio package?

Revision history for this message
chris_c (c-camacho) wrote :

absolutely NOT!

the fact I can spam a log and so fill up a device is not a pulseaudio problem, the logger should protect against or at least mitigate this

Revision history for this message
William Pitcock (nenolod) wrote :

I disagree. Setting up logrotate will mitigate this problem, but a duplicate message filter module would not be hard to write if desired.

William

Revision history for this message
chris_c (c-camacho) wrote :

Logrotate will not mitigate GIGS of data a day (or even minute if its done maliciously)

The fact that duplicate message filter isnt there BY DEFAULT is very much a BUG just like all the default setting of other OS's that make bot nets so easy to create.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.