From owner-freebsd-security Tue Feb 13 10:38:14 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 5128337B491 for ; Tue, 13 Feb 2001 10:38:11 -0800 (PST) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id TAA96716; Tue, 13 Feb 2001 19:38:09 +0100 (CET) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Adam Laurie Cc: dmp@pantherdragon.org, security@FreeBSD.ORG Subject: Re: syslogd -ss not part of extreme security option? References: <3A88EB70.CC8CB78E@pantherdragon.org> <3A89707C.A539BA9C@algroup.co.uk> From: Dag-Erling Smorgrav Date: 13 Feb 2001 19:38:08 +0100 In-Reply-To: Adam Laurie's message of "Tue, 13 Feb 2001 17:35:56 +0000" Message-ID: Lines: 16 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Adam Laurie writes: > eh? no security bug is "known" until it's found & exploited. just > because it hasn't been found doesn't mean it doesn't exist. switching > off a network listener for syslog when you are not doing network logging > is much more than a warm fuzzy feeling, it's closing a potential > security hole. i do it on standard installs, let alone "extreme > security". It's not a listener. If you specify -s, the socket is half-closed so you can use it to send log messages to other hosts, but can't receive. If you specify -ss, the socket isn't opened at all so you can neither send nor receive. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message