From owner-freebsd-security Mon Jul 28 12:58:14 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id MAA28363 for security-outgoing; Mon, 28 Jul 1997 12:58:14 -0700 (PDT) Received: from mail.MCESTATE.COM (vince@mail.MCESTATE.COM [207.211.200.50]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA28352 for ; Mon, 28 Jul 1997 12:58:10 -0700 (PDT) Received: from localhost (vince@localhost) by mail.MCESTATE.COM (8.8.5/8.8.5) with SMTP id MAA05814; Mon, 28 Jul 1997 12:56:33 -0700 (PDT) Date: Mon, 28 Jul 1997 12:56:33 -0700 (PDT) From: Vincent Poy To: Robert Watson cc: Guido van Rooij , loco@onyks.wszib.poznan.pl, security@FreeBSD.ORG, mario1@PrimeNet.Com, johnnyu@accessus.net Subject: Re: security hole in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 28 Jul 1997, Robert Watson wrote: =)> What does the -s do anyways? I know it means secure but isn't it =)> supposed to be secure already out of the box? =) =)-s prevents syslogd from accepting network network log messages. Without =)it, anyone who can deliver a packet to the syslog port using UDP can add a =)line to your system logs. When you add entries to syslog.conf like this: =) =)*.error @loghost.domain =) =)you rely on not having the -s flag set. =) =)Allowing log messages from unauthorized hosts is a security problem, as =)someone can insert ficticious messages (often-times, spoofed), flood your =)logs, etc. Never noticed this one, was there a reason FreeBSD shipped with -s off by default? Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]