Why not then just log uncaught exceptions?
char *foo = 0;
sigset(SIGSEGV,SIG_IGNORE);
for(;;) { *foo = '\5'; }
Your logfiles just got DoS'ed....
Because deliberately creating an uncaught exception is a perfectly sane,
reasonable thing to do with well-defined semantics. Applications should feel
free to do such reasonable things without getting complaints from the system
administrator that their log is being flooded with garbage.
There is no mechanism that is guaranteed to terminate a process other than
sending yourself an exception that is not caught. So in cases where you must
guarantee that your process terminates, it is perfectly reasonable to send
yourself a SIGILL.
On Sat, Aug 16, 2003 at 06:06:34PM -0500, David D. Hagood wrote:----------------------------------------------
Valdis.Kletnieks@xxxxxx wrote:
Consider this code:
char *foo = 0;
sigset(SIGSEGV,SIG_IGNORE);
for(;;) { *foo = '\5'; }
Your logfiles just got DoS'ed....
...
Consider this code:
for (;;) syslog(LOG_INFO, "root, hurt me please!");
My point being, that if a user wishes to spam the syslog he can.
Please read the syslogd man page - see under "SECURITY THREATS".
Especially option 5 in that section:
----------------
5. Use step 4 and if the problem persists and is not secondary to a rogue
program/daemon get a 3.5 ft (approx. 1 meter) length of sucker rod* and
have a chat with the user in question.
Sucker rod def. -- 3/4, 7/8 or 1in. hardened steel rod, male threaded
on each end. Primary use in the oil industry in Western North Dakota
and other locations to pump 'suck' oil from oil wells. Secondary uses
are for the construction of cattle feed lots and for dealing with the
occasional recalcitrant or belligerent individual.
----------------
FreeBSD logs any number of normal things that sane, reasonable processes do
and it's very annoying. A very annoying example is FreeBSD's desire to log
calls to 'wait' functions with 'SIGCHLD' ignored. How else can portable
programs say, "I want you to automatically reap my zombies if you can, but
otherwise, I'll reap them if needed by calling waitpid(WNOHANG) every once
in a while".