LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A few thoughts.

A few thoughts.

Posted Nov 19, 2011 15:48 UTC (Sat) by NAR (subscriber, #1313)
In reply to: A few thoughts. by alankila
Parent article: The Journal - a proposed syslog replacement

Journald is trying to harden the logging facility against things such as attacker process flooding the log and thus causing the system to run out of space on the /var filesystem, a problem that seems to be ignored today.

And exactly how would journald solve this? All the attacker has to do is to flood the logs with unique messages...

(Log in to post comments)

A few thoughts.

Posted Nov 19, 2011 18:40 UTC (Sat) by alankila (subscriber, #47141) [Link]

It is said to ratelimit the logging speed if it starts to run out of disk space (but ratelimit based on what criteria?), and to rotate and purge the logs when the alternative is running out of space (but what entries will be purged?). These changes ought to solve the problem to a degree, and I am hoping sufficient intelligence is applied to make the best possible effort in these adversarial conditions.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds