[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vuln-dev
Subject:    Re: leaky kernel ? ;)
From:       "Andrei D. Caraman" <adc () KILI ! MEDIASAT ! RO>
Date:       1999-12-30 10:09:15
[Download RAW message or body]

On Wed, Dec 29, 1999 at 10:28:02PM +0100, mIV wrote:
> OK, there's RH 6.1 on 2.2.13. Let's take a look at /var/log/messages:
>
> Dec  2 13:28:48 pentium kernel: age....
> Dec  2 13:28:55 pentium kernel: 65 lated me
> Dec  2 13:28:58 pentium kernel:  6C original
> Dec  2 13:28:58 pentium kernel: ine as
> Dec  2 13:29:07 pentium kernel: age....
> Dec  2 13:29:14 pentium kernel: ge....-
> Dec 11 14:21:46 pentium kernel:  20 ...This
> Dec 11 14:22:49 pentium kernel:  3em te=B
> Dec 11 14:22:53 pentium kernel: 4B , ze ACK
>
> and so on ... Do you know where are these strings from ? I'll tell ya.
> It's all from my mail fetched by fetchmail (via PPP). OK, these were
> strings but we have also sth like this:
>
> Dec 13 22:24:38 pentium kernel: 40 21 4C BB F4 6F 5F DD @!L..o_.
> Dec 13 22:24:39 pentium kernel: C4 41 74 3F BD 54 47 B9 .At?.TG.
>
> These in turn look like some kind of binary dump. Apparently not only mail
> fragments land in my logs. It seems that entire net traffic is affected.

You have options "debug" and "kdebug 7" activated for your pppd.
Turn off debug, or at least decrease kdebug to 1, which should be enough
for debugging connection initialization.

> There's no need for sniffer in this case ;)
>
> That's not good when some net packets are dumped to system logs, is it ?
> Is it a bug ? If so, is it known to kernel developers ?

It's not a bug, it's a feature.



Cheers,
---------------------------------------------------------------
Andrei D. Caraman			phone: +40 (1) 2050 637
Sr Network Engineer			  fax: +40 (1) 2050 655
Mediasat SA

[prev in list] [next in list] [prev in thread] [next in thread]