From owner-freebsd-security Tue Feb 13 9:38: 7 2001 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id C449737B503 for ; Tue, 13 Feb 2001 09:38:03 -0800 (PST) Received: from algroup.co.uk ([192.168.192.1]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id RAA12474; Tue, 13 Feb 2001 17:36:00 GMT Message-ID: <3A89707C.A539BA9C@algroup.co.uk> Date: Tue, 13 Feb 2001 17:35:56 +0000 From: Adam Laurie X-Mailer: Mozilla 4.7 [en-gb] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Dag-Erling Smorgrav Cc: dmp@pantherdragon.org, security@FreeBSD.ORG Subject: Re: syslogd -ss not part of extreme security option? References: <3A88EB70.CC8CB78E@pantherdragon.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dag-Erling Smorgrav wrote: > > dmp@pantherdragon.org writes: > > I was wondering why putting syslogd_flags="-ss" in /etc/rc.conf isn't > > part of sysinstall's extreme security option? This is in 4.2-R, has > > it changed since the release? > > It doesn't really buy you much except an insiginficant performance > increase and a warm fuzzy feeling - barring a kernel bug that would > allow data to be sent to a half-closed socket, but no such bug is > known. eh? no security bug is "known" until it's found & exploited. just because it hasn't been found doesn't mean it doesn't exist. switching off a network listener for syslog when you are not doing network logging is much more than a warm fuzzy feeling, it's closing a potential security hole. i do it on standard installs, let alone "extreme security". cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 Voysey House http://www.thebunker.net Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message