Hi all,

First, about log injection:
https://www.owasp.org/index.php/Log_injection
I do not know about a better reference for it.

My current system is OI 151a8. When I do

    syslog( LOG_DEBUG, "Hello\nworld" );

in perl (and I assume C is the same), I get

    Nov 12 13:31:56 asuka logtest[14973]: [ID 702911 user.debug] Hello
    Nov 12 13:31:56 asuka world

in my log file. Which is exactly the kind of vulnerability OWASP is talking about. I have not tried other control characters, yet.

For the record, Ubuntu's rsyslog encodes control characters with # escaped octal numbers, like #007.

I have personally no opinion if this behaviour should change, it's a simple heads up about a documented vulnerability at OWASP.

-- 
Johann
I'm not from the internet, I just work there.
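
An added example, not part of the original post and not illumos or rsyslog code: a caller-side mitigation in C that escapes control characters in the #ooo octal style the post describes before the message reaches syslog(). The names escape_ctrl and safe_syslog are hypothetical, and the 1024-byte buffer is an assumed limit.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Replace each control byte (< 0x20, or 0x7f) in src with '#' plus three
 * octal digits, e.g. '\n' -> "#012". dst is always NUL-terminated and an
 * escape is never cut in half. A literal '#' is copied unchanged.
 * Returns the number of bytes written, excluding the terminator. */
size_t escape_ctrl(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;

    if (dstlen == 0)
        return 0;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        if (c < 0x20 || c == 0x7f) {
            if (o + 4 >= dstlen)        /* 4 bytes of escape + terminator */
                break;
            snprintf(dst + o, 5, "#%03o", (unsigned)c);
            o += 4;
        } else {
            if (o + 1 >= dstlen)        /* 1 byte + terminator */
                break;
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return o;
}

/* Hypothetical wrapper: escape first, then log with a constant format. */
void safe_syslog(int priority, const char *msg)
{
    char buf[1024];                     /* assumed maximum message size */

    escape_ctrl(msg, buf, sizeof(buf));
    syslog(priority, "%s", buf);
}

int main(void)
{
    openlog("logtest", LOG_PID, LOG_USER);
    safe_syslog(LOG_DEBUG, "Hello\nworld");  /* one entry: Hello#012world */
    closelog();
    return 0;
}
```

Because a literal '#' passes through unchanged, the escaping is not reversible; it only guarantees that one call produces one log line.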
