From owner-freebsd-arch Mon Mar 20 21:18:18 2000
Date: Mon, 20 Mar 2000 21:15:47 -0800 (PST)
From: Doug Barton
To: Nick Johnson
Cc: arch@freebsd.org
Subject: Re: syslogd_flags in /etc/defaults/rc.conf

This is really the kind of discussion that should take place on
arch, unless someone changed their mind again. :)

On Mon, 20 Mar 2000, Nick Johnson wrote:

> I'm curious to see if anyone is like-minded with me that syslogd_flags in
> /etc/defaults/rc.conf should be "-ss" instead of "". I reasoned that it
> should be, considering:
>
> 1. Most people don't direct syslogs at other machines in my experience.

1a. The people that do know how to change the flags.

> 2. Someone could conceivably DOS a machine by directing tons of crap at
>    port 121, which is also noted in the BUGS section of the syslogd
>    manpage.

Seen it happen, not pretty.
My customer asked me why FreeBSD shipped with this vulnerability enabled.
I had no answer.

> 3. Syslogd runs as root, and while it is a mature piece of code, I think
>    it preferable to minimize the number of root applications listening
>    on sockets.

I would further propose that the flags be -ssvv, which would go a
long ways toward teaching new system administrators what is logged where,
and why.

Thanks for the great suggestion,

Doug
--
    "While the future's there for anyone to change, still you know it seems,
     it would be easier sometimes to change the past"

     - Jackson Browne, "Fountain of Sorrow"
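
The setting discussed in this message can be audited without sourcing the rc.conf files. The following is an added example, not part of the original message or of FreeBSD's own scripts: it resolves the effective `syslogd_flags` and classifies the network exposure by the number of `-s` flags as documented in syslogd(8). The function names, the sample files and the list of argument-taking options are assumptions.

```shell
#!/bin/sh
# Added example: audit the effective syslogd_flags without sourcing rc.conf.

# Value of the last syslogd_flags= assignment in the given files, read in
# order so /etc/rc.conf overrides /etc/defaults/rc.conf. A trailing comment
# and the surrounding quotes are stripped.
effective_syslogd_flags() {
    cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*syslogd_flags=\(.*\)$/\1/p' |
        tail -n 1 | sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# Exposure per syslogd(8): no -s = remote messages accepted ("open"),
# one -s = socket open but remote messages not logged ("secure"),
# two or more = no network socket at all ("closed").
# Assumption: a b f l m p P take an argument, so scanning a word stops there.
classify_syslogd_flags() (
    set -f; s=0
    for word in $1; do
        case $word in
            -?*) cluster=${word#-} ;;
            *) continue ;;                  # argument of a previous option
        esac
        while [ -n "$cluster" ]; do
            rest=${cluster#?}
            case ${cluster%"$rest"} in      # first letter of the cluster
                s) s=$((s + 1)) ;;
                a|b|f|l|m|p|P) break ;;     # remainder is that option's value
            esac
            cluster=$rest
        done
    done
    if [ "$s" -ge 2 ]; then echo closed
    elif [ "$s" -eq 1 ]; then echo secure
    else echo open
    fi
)

report() {
    flags=$(effective_syslogd_flags "$@")
    echo "$flags: $(classify_syslogd_flags "$flags")"
}

# Constructed sample: a shipped default of "" and a local override of -ssvv.
demo() {
    d=$(mktemp -d) || return 1
    printf 'syslogd_flags=""\t# Flags to syslogd (if enabled).\n' > "$d/defaults"
    printf 'syslogd_flags="-ssvv"\n' > "$d/local"
    report "$d/defaults" "$d/local"
    rm -rf "$d"
}

# With file arguments, audit them; otherwise run the constructed sample.
if [ "$#" -gt 0 ]; then report "$@"; else demo; fi
```

Run it as `sh audit.sh /etc/defaults/rc.conf /etc/rc.conf`; the `-v` flags do not affect the result because they only change how local messages are written.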