php syslog function

N

Nerigal

Verified User
Joined
Jul 6, 2009
Messages
124
hi,

i found weird log entries in /var/log/messages and after some research it come from a Drupal cms hosted in one of my server...

the problem is that the drupal seams to use syslog() method from php that output to the linux syslog deamon.

first... im not comfortable with the fact that somebody flood my /var/log/messages but where i get seriously nervous is the point that even with safe mode ON syslog() can still output to /var/log/messages witch is a 600 root root perm file

note also that the hosted script that run syslog() run as the user itself with perm 666

can someone explain me how syslog() and/or openlog() | can have write access to /var/log/messages with php safe mode on ?

thanks
 
Warning

This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

Try mod_ruid or suphp.

Also you can disable functions in php...did you know that? :)
 
syslog() is not directly writing to your logfile. It's calling a program called syslogd (the system logging daemon) which writes to your logfiles. The daemon is NOT part of php. You can certainly disable calls to syslogd if you really don't want to know what php is doing.

Jeff
 
jlasman said:
syslog() is not directly writing to your logfile. It's calling a program called syslogd (the system logging daemon) which writes to your logfiles. The daemon is NOT part of php. You can certainly disable calls to syslogd if you really don't want to know what php is doing.

Jeff
Click to expand...


i know... i personally still see it as an escalation exploit risk to flood system log
but this is just my opinion.
 
You must log in or register to reply here.
Back
Top