From owner-freebsd-security  Tue Feb 13  1:46:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id A3D4337B4EC
	for <security@FreeBSD.ORG>; Tue, 13 Feb 2001 01:46:10 -0800 (PST)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id KAA94407;
	Tue, 13 Feb 2001 10:46:03 +0100 (CET)
	(envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: dmp@pantherdragon.org
Cc: security@FreeBSD.ORG
Subject: Re: syslogd -ss not part of extreme security option?
References: <3A88EB70.CC8CB78E@pantherdragon.org>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 13 Feb 2001 10:46:02 +0100
In-Reply-To: dmp@pantherdragon.org's message of "Tue, 13 Feb 2001 00:08:16 -0800"
Message-ID: <xzpelx2c3vp.fsf@flood.ping.uio.no>
Lines: 13
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

dmp@pantherdragon.org writes:
> I was wondering why putting syslogd_flags="-ss" in /etc/rc.conf isn't
> part of sysinstall's extreme security option?  This is in 4.2-R, has
> it changed since the release?

It doesn't really buy you much except an insiginficant performance
increase and a warm fuzzy feeling - barring a kernel bug that would
allow data to be sent to a half-closed socket, but no such bug is
known.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message