Initial draft of privilege escalation policy

Steve Grubb sgrubb at
Sat Jan 23 23:58:32 UTC 2010

On Wednesday 20 January 2010 01:50:21 pm Stephen John Smoogen wrote:
> >> * Write to system logs (with the exception that the 'cause to be
> >> performed' provision is waived in this case)
> >
> > Huh ? The mere fact of me logging in will cause system logs to be
> > written...
> You are not writing directly to /var/log/messages. You log in and
> login sends a message to syslogd which writes to the log.

Syslog has *no* integrity guarantees, only the audit logs do. Any user can run 
the /usr/bin/logger program and flood syslog. You can also call openlog() and 
tell it you are the kernel. Syslog is worthless from a security PoV.


More information about the test mailing list