Re: [Xen-devel] XSA-180 follow-up: repurpose xenconsoled for logging

[George Dunlap <george.dunlap@xxxxxxxxxx>]

On 06/06/16 16:48, Wei Liu wrote:
>> A distro which isn't equipped to deal with these things is of no
>> practical use in the real world.
>>
>> Any distro we care about supporting is equipped to deal with logs.
>>
>>>
>>> I agree that if logging using existing logging systems were workable,
>>> that would be a better solution.  Wei did actually spend a decent chunk
>>> of time looking at other options, including logrotate and journald
>>> before settling on using xenconsoled.
>>>
>>> A lot of this brainstorming and discussion happened off-list because
>>> XSA-180 was still embargoed, so I can understand why it looks like this
>>> came out of nowhere.  It would probably be good for Wei to report here
>>> what he found and why he decided to propose this solution instead.
>>
>> Please do.  Until there is an understanding of why the standard
>> mechanisms are not suitable, it is premature and naive to re-invent a wheel.
>>
> 
> With syslog and logrotate you will still end up filling up your disk.
> Logrotate can't actively rotate log files.

FWIW CentOS 6 and 7 (which use rsyslogd and systemd-journald
respectively) seem to have rate-limiting stuff enabled by default; the
attached program causes a lot of CPU utilization, but no disk resource
exhaustion.

> You can't just tap syslog to QEMU at the moment unless you use the
> script I sent to XSA-180 security@ discussion. That's still a hacked up
> solution.
> 
> I actually don't mind having syslog deal with those, but we need to
> provide some not-so-hacked-up way for doing it.

On Linux, it looks like you can create a socket and "connect" to /dev/log.

 -George

Attachment: syslog-flood.c
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel