> Changes by:   bl...@cvs.openbsd.org   2016/05/10 17:54:01
> 
> Modified files:
>       sys/kern       : init_main.c subr_log.c 
>       sys/sys        : systm.h 
> 
> Log message:
> If sendsyslog(2) is called with LOG_CONS before syslogd(8) has been
> started and before init(8) has opened the console, the kernel could
> crash as the console device has not been initialized.  Open
> /dev/console in the kernel before starting init(8) and keep it open.
> This way sendsyslog(2) can be called early in the system.
> OK beck@ deraadt@

A fascinating bug.  If anyone does sendsyslog(2) on another OS please
be aware of this trap.

And... a reminder that sendsyslog(2) decouples syslog(3) and family
from libc malloc and socket behaviours.  In particular this is good
for the stack protector alerts.  Are you sure you get stack protector
alerts?  What if the attacker can first run you out of file
descriptors?  Convinced?
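The descriptor-exhaustion point in the message above, as an added example that is not part of the original mail or of OpenBSD's code: once a process's descriptor table is full, the socket that a socket-based syslog(3) would connect to /dev/log cannot be created, so the alert has no path out. The function name and the limit of 32 are assumptions made for the demonstration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

#define FD_LIMIT 32   /* constructed small limit so the table fills quickly */

/*
 * Fill the descriptor table, then try the first step a socket-based
 * syslog(3) needs: creating the socket it would connect to /dev/log.
 * Returns socket()'s errno (0 if it succeeded), or -1 on setup failure.
 */
int socket_errno_when_fds_exhausted(void)
{
    struct rlimit old, lim;
    int fds[FD_LIMIT], n = 0, fd, s, err;

    if (getrlimit(RLIMIT_NOFILE, &old) == -1)
        return -1;
    lim = old;
    if (lim.rlim_cur > FD_LIMIT)
        lim.rlim_cur = FD_LIMIT;
    if (setrlimit(RLIMIT_NOFILE, &lim) == -1)
        return -1;

    /* Stand-in for whatever consumed the process's descriptors. */
    while (n < FD_LIMIT && (fd = open("/dev/null", O_RDONLY)) != -1)
        fds[n++] = fd;

    s = socket(AF_UNIX, SOCK_DGRAM, 0);
    err = (s == -1) ? errno : 0;
    if (s != -1)
        close(s);

    /* Release the filler descriptors and restore the original limit. */
    while (n > 0)
        close(fds[--n]);
    setrlimit(RLIMIT_NOFILE, &old);
    return err;
}

int main(void)
{
    int e = socket_errno_when_fds_exhausted();
    printf("socket() with a full fd table: %s\n",
        e > 0 ? strerror(e) : e == 0 ? "succeeded" : "setup failed");
    return 0;
}
```

A logging path that hands the message to the kernel in a single system call, as the message describes for sendsyslog(2), does not depend on a free descriptor at the moment the alert fires.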
