From: Socketd
Date: Thu, 10 Oct 2002 08:45:11 GMT
Message-ID: <20021010.8451100.1879103866@rafter.>
Subject: Re: Security questions
To: "DaleCo, S.P.---'the solutions people'", freebsd-questions@freebsd.org
In-Reply-To: <030d01c2700f$c0668600$fa00a8c0@DaleCoportable>

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 10/10/02, 5:47:25 AM, "DaleCo, S.P.---'the solutions people'" wrote regarding Re: Security questions:

> The syslogd daemon reads messages from the UNIX domain socket
> /var/run/log, from an Internet domain socket specified in
> /etc/services,
> and from the special device /dev/klog (to read kernel messages).
> So I assume it runs as root in order to access the kernel log....?

Ok, but couldn't it fork() at startup, so only the one listening at /dev/klog runs as root?
I have only been using FreeBSD since 4.5 and I haven't experienced a security hole in syslogd, but wouldn't it be better to be safe than sorry (by making syslogd run as a chroot'ed, non-root user)?

Br
socketd
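
The split asked about in this message (a root process kept only for the privileged read, with the rest forked off, chrooted and run as a non-root user), as an added example that is not part of the original message and not syslogd's code. The function names, UNPRIV_UID/UNPRIV_GID and the /var/empty jail path are assumptions, and the message passed in stands in for a read from /dev/klog.

```c
/* Added example, not syslogd source; uid/gid and jail path are assumptions. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_UID 65534 /* assumption: the "nobody" account */
#define UNPRIV_GID 65534

/* 0 = dropped and verified, 1 = not root (nothing to drop), -1 = failed. */
int drop_privileges(const char *jail) {
    gid_t g = UNPRIV_GID;
    if (geteuid() != 0) return 1;
    /* chroot needs root, so it comes first; then groups, gid, uid last. */
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(1, &g) || setgid(g) || setuid(UNPRIV_UID)) return -1;
    return setuid(0) == 0 ? -1 : 0; /* regaining root must fail */
}

/* Privileged side: hands one message to a forked worker, which drops
   privileges before it touches the data and sends back a formatted line. */
int relay_via_worker(const char *msg, const char *jail, char *out, size_t outlen) {
    int sv[2]; ssize_t n; pid_t pid;
    if (*msg == '\0' || outlen < 2) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if ((pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { /* worker */
        char in[256], line[320];
        close(sv[0]);
        if (drop_privileges(jail) < 0) _exit(1); /* refuse to run undropped */
        if ((n = read(sv[1], in, sizeof in - 1)) <= 0) _exit(1);
        in[n] = '\0';
        snprintf(line, sizeof line, "euid=%d kernel: %s", (int)geteuid(), in);
        _exit(write(sv[1], line, strlen(line)) < 0);
    }
    close(sv[1]);
    send(sv[0], msg, strlen(msg), MSG_NOSIGNAL); /* no SIGPIPE if worker died */
    n = read(sv[0], out, outlen - 1);
    close(sv[0]); waitpid(pid, NULL, 0);
    if (n <= 0) return -1;
    out[n] = '\0';
    return 0;
}

int main(void) {
    char out[320]; /* message below is constructed sample input */
    if (relay_via_worker("constructed test message", "/var/empty", out, sizeof out)) return 1;
    return puts(out) < 0;
}
```

Run without root, the worker has nothing to drop and reports its own euid; run as root, it only processes the message after the chroot and uid change have been verified.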