From owner-freebsd-security  Tue Feb 13  9:38: 7 2001
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193])
	by hub.freebsd.org (Postfix) with ESMTP id C449737B503
	for <security@FreeBSD.ORG>; Tue, 13 Feb 2001 09:38:03 -0800 (PST)
Received: from algroup.co.uk ([192.168.192.1]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id RAA12474; Tue, 13 Feb 2001 17:36:00 GMT
Message-ID: <3A89707C.A539BA9C@algroup.co.uk>
Date: Tue, 13 Feb 2001 17:35:56 +0000
From: Adam Laurie <adam@algroup.co.uk>
X-Mailer: Mozilla 4.7 [en-gb] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: dmp@pantherdragon.org, security@FreeBSD.ORG
Subject: Re: syslogd -ss not part of extreme security option?
References: <3A88EB70.CC8CB78E@pantherdragon.org> <xzpelx2c3vp.fsf@flood.ping.uio.no>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dag-Erling Smorgrav wrote:
> 
> dmp@pantherdragon.org writes:
> > I was wondering why putting syslogd_flags="-ss" in /etc/rc.conf isn't
> > part of sysinstall's extreme security option?  This is in 4.2-R, has
> > it changed since the release?
> 
> It doesn't really buy you much except an insiginficant performance
> increase and a warm fuzzy feeling - barring a kernel bug that would
> allow data to be sent to a half-closed socket, but no such bug is
> known.

eh? no security bug is "known" until it's found & exploited. just
because it hasn't been found doesn't mean it doesn't exist. switching
off a network listener for syslog when you are not doing network logging
is much more than a warm fuzzy feeling, it's closing a potential
security hole. i do it on standard installs, let alone "extreme
security".

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message