. klogd.c by Troels Walsted Hansen <troels@thule.no>
I found a bug in the sysklogd package version 1.4. When it
encounters a zero byte in the kernel logging output, the text
parser enters a busy loop. I came upon it when the 3c59x driver
from kernel 2.4.0 started outputting two zero bytes for the product
code of my laptop's 3Com card. It could be argued that the kernel
should never output zero bytes in the logging info, but obviously
that will happen from time to time.
I fear this bug might be considered a security issue as well, if
the kernel can be coerced to output a zero byte somehow, all kernel
logging will stop.
Wolfgang Oertl <Wolfgang.Oertl@uibk.ac.at> had a similar bugfix
idea
. klogd.c by Thomas Roessler <roessler@does-not-exist.org>
Additionally, the patch prevents LogLine from being invoked with a
negative counter as an argument.
into "%s". Thanks to Solar Designer <solar@false.com> for the patch.
This refers to CVE-2000-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0867
Kernel logging daemon (klogd) in Linux does not properly cleanse
user-injected format strings, which allows local users to gain root
privileges by triggering malformed kernel messages.
Except, users cannot insert arbitrary strings in the kernel log
rinbuffer, can they?
. Keith Owens <kaos@ocs.com.au>
- Fixed bug that caused klogd to die if there is no sym_array available.
- When symbols are expanded, print the line twice. Once with
addresses converted to symbols, once with the raw text. Allows
external programs such as ksymoops do their own processing on the
original data.
* Changed Greg's e-mail address to represent his current one.
* Shortened line length for kernel logging slightly.
* Corrected return value of AddModule (closes: Bug#30093)
* Finally fixed an error with `-a' processing, thanks to Topi Miettinen
<tom@medialab.sonera.net> (closes: Bug#30462)
Added support for TESTING define which will turn klogd into
stdio-mode used for debugging.
Mon Oct 12 13:01:27 MET DST 1998: Martin Schulze <joey@infodrom.north.de>
Used unsigned long and strtoul() to resolve kernel oops symbols.
<F.Potorti@cnuce.cnr.it> (closes: Bug#20903)
* Corrected email address for Shane Alderton (closes: Bug#20765)
* Fixed manpage to not reflect reverse implementated SIGALRM signal
handler (closes: Bug#20647)
* Modified behaviour with including <sys/module.h> (closes: Bug#20556)
* Added correct prototype for llseek() (closes: Bug#20507, Bug#20220)
* Added more log information if problems occurr while reading a system
map file.
* Modified System.map read function to try all possible map files until
a file with matching version is found.
* Added Debian release to klogd
* Switched to fgets() as gets() is not buffer overrun secure.
* Modified loop for detecting the correct system map.
special messages from 2.1.78. Thanks to Chu-yeon Park
<kokids@doit.ajou.ac.kr> for informing me.
* Fixed bug that caused klogd to die if there is no System.map
available.
* Added -x switch to omit EIP translation and System.map evaluation.
Thanks to Florian La Roche <florian@knorke.saar.de>.
* Fixed small bugs in F_FORW_UNKN meachanism. Thanks to Torsten Neumann
<torsten@londo.rhein-main.de> for pointing me to it.
* Fixed problem with klogd not being able to be built on a kernel newer
than 2.1.18. Worked in a patch from Alessandro Suardi <asuardi@uninetcom.it>
* Reworked one line of an older patch because it prevented syslogd from
binding the socket with the result that no messages were forwarded to
other hosts.
* Changed the behaviour of klogd when receiving a terminate signal. Now
the program terminates immediately instead of completing the receipt of
a kernel message. (Bug#16796, Bug#16828, Bug#16148)
* Noticed a bug which was closed by 1.3-18 (Bug#14776)
* Changed Maintainer address to joey@debian.org
