Bug#590598: saslauthd - auth via ldap/sasl logs debug messages

Bastian Blank waldi at debian.org
Wed Jul 28 14:07:38 UTC 2010


On Wed, Jul 28, 2010 at 08:24:51AM -0500, Dan White wrote:
> On 28/07/10 10:28 +0200, Bastian Blank wrote:
>> No. The tools must not send debug messages without being asked to do
>> so. Why does libsasl use syslog for interactive usage anyway?
> It's a design philosophy of how libsasl attempts to perform debugging
> since, in many cases, it's the only way (via syslog) that it can provide
> feedback to the user or system administrator.

This is no "feedback", because I didn't ask for it. This is a DoS
against the system via syslog. If you think this output is important,
please describe what a normal user can read out of it, especially as
there is no surrounding information.

> This philosophy is briefly discussed in:
> http://cyrusimap.web.cmu.edu/imapd/install-configure.html

Where is this documented _in_ the Debian package that the user must
change the default syslog config?

Bastian

-- 
I'm frequently appalled by the low regard you Earthmen have for life.
		-- Spock, "The Galileo Seven", stardate 2822.3

More information about the Pkg-cyrus-sasl2-debian-devel mailing list