Date: Thu, 10 Oct 2002 08:45:11 GMT From: Socketd <db@traceroute.dk> To: "DaleCo, S.P.---'the solutions people'" <daleco@daleco.biz>, freebsd-questions@freebsd.org Subject: Re: Security questions Message-ID: <20021010.8451100.1879103866@rafter.> In-Reply-To: <030d01c2700f$c0668600$fa00a8c0@DaleCoportable> References: <20021009.22451000.4017525480@rafter.> <030d01c2700f$c0668600$fa00a8c0@DaleCoportable>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 10/10/02, 5:47:25 AM, "DaleCo, S.P.---'the solutions people'"=20 <daleco@daleco.biz> wrote regarding Re: Security questions: > The syslogd daemon reads messages from the UNIX domain socket > /var/run/log, from an Internet domain socket specified in > /etc/services, > and from the special device /dev/klog (to read kernel messages). > So I assume it runs as root in order to access the kernel log....? Ok, but couldn't it fork() at startup, so only the one listening at=20 /dev/klog runs as root? I have only been using FreeBSD since 4.5 and I haven't experienced a=20 security hole in syslogd, but wouldn't it be better to be safe that sorr= y=20 (by making syslogd run as a chroot'ed, non-root user)? Br socketd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021010.8451100.1879103866>