Date: Tue, 13 Feb 2001 17:35:56 +0000
From: Adam Laurie <adam@algroup.co.uk>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: dmp@pantherdragon.org, security@FreeBSD.ORG
Subject: Re: syslogd -ss not part of extreme security option?
Message-ID: <3A89707C.A539BA9C@algroup.co.uk>
References: <3A88EB70.CC8CB78E@pantherdragon.org> <xzpelx2c3vp.fsf@flood.ping.uio.no>

Dag-Erling Smorgrav wrote:
>
> dmp@pantherdragon.org writes:
> > I was wondering why putting syslogd_flags="-ss" in /etc/rc.conf isn't
> > part of sysinstall's extreme security option? This is in 4.2-R, has
> > it changed since the release?
>
> It doesn't really buy you much except an insignificant performance
> increase and a warm fuzzy feeling - barring a kernel bug that would
> allow data to be sent to a half-closed socket, but no such bug is
> known.

eh? no security bug is "known" until it's found & exploited. just
because it hasn't been found doesn't mean it doesn't exist. switching
off a network listener for syslog when you are not doing network logging
is much more than a warm fuzzy feeling, it's closing a potential
security hole. i do it on standard installs, let alone "extreme
security".

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
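
The setting discussed in this message can be checked mechanically. The script below is an added example, not part of the original e-mail or of FreeBSD; it reads an rc.conf-style file and reports whether syslogd_flags leaves syslogd with an open network socket, in secure mode (-s), or with no network socket (-ss). The function name, the mode labels and the list of argument-taking option letters are assumptions of this example.

```shell
#!/bin/sh
# Added example: report syslogd's network exposure from an rc.conf-style file.
# The file is parsed as text, never sourced, so nothing in it is executed.

# Assumption: option letters that take an argument; check syslogd(8) on the
# release you audit, since the set differs between versions.
ARG_OPTS="abflmpP"

# Prints: unset | open | secure | no-socket
syslogd_net_mode() (
    set -f    # keep words such as "-a *.example.org" from being globbed
    grep -q '^[[:space:]]*syslogd_flags=' "$1" || { echo unset; return 0; }
    # rc.conf is sourced by sh, so the last assignment is the effective one.
    flags=$(sed -n 's/^[[:space:]]*syslogd_flags=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'$/\1/")
    count=0
    skip=0
    for word in $flags; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $word in
            --) break ;;
            -?*) cluster=${word#-} ;;
            *) break ;;    # first non-option word ends option parsing
        esac
        while [ -n "$cluster" ]; do
            rest=${cluster#?}
            letter=${cluster%"$rest"}
            cluster=$rest
            case $ARG_OPTS in
                *"$letter"*)    # remainder (or next word) is its argument
                    if [ -z "$cluster" ]; then skip=1; fi
                    break ;;
            esac
            if [ "$letter" = s ]; then count=$((count + 1)); fi
        done
    done
    case $count in
        0) echo open ;;       # no -s: UDP socket open, secure mode off
        1) echo secure ;;     # -s: secure mode, socket still opened
        *) echo no-socket ;;  # -ss: no network socket opened at all
    esac
)

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
printf '%s\n' 'syslogd_enable="YES"' 'syslogd_flags="-ss"' > "$sample"
echo "syslogd network mode: $(syslogd_net_mode "$sample")"
rm -f "$sample"
```

A result of "unset" means the file does not override the system default, so the value in /etc/defaults/rc.conf on that release decides.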