From: dmp@pantherdragon.org
Date: Tue, 13 Feb 2001 20:38:50 -0800
To: Dag-Erling Smorgrav
Cc: Adam Laurie, security@FreeBSD.ORG
Subject: Re: syslogd -ss not part of extreme security option?

Dag-Erling Smorgrav wrote:
> Adam Laurie writes:
> > eh? no security bug is "known" until it's found & exploited. just
> > because it hasn't been found doesn't mean it doesn't exist. switching
> > off a network listener for syslog when you are not doing network logging
> > is much more than a warm fuzzy feeling, it's closing a potential
> > security hole. i do it on standard installs, let alone "extreme
> > security".
>
> It's not a listener. If you specify -s, the socket is half-closed so
> you can use it to send log messages to other hosts, but can't receive.
> If you specify -ss, the socket isn't opened at all so you can neither
> send nor receive.

Why not add it, though? Anyone who's going to do remote syslogging will
know to set the appropriate option. For everyone else, it's just one more
thing that doesn't need to be enabled by default.
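The three syslogd states described in the thread (no -s: accepts remote messages on UDP 514; -s: socket bound but shut down for reading; -ss: no network socket at all) are easy to audit from the daemon's start-up flags. The script below is an added example for this thread, not code from the list or from FreeBSD itself: it classifies a syslogd_flags value from rc.conf into "open", "send-only" or "closed", and checks a sockstat(1) listing for a syslogd UDP socket on port 514. It assumes the -s/-ss semantics exactly as Dag-Erling describes them, that -s is the only lowercase-"s" option letter syslogd accepts, and that option arguments (such as the path after -p) never begin with "-". The sockstat lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the list thread): audit syslogd's network exposure
# on FreeBSD from (a) the flags in rc.conf's syslogd_flags and (b) a
# sockstat(1) listing. Assumes the -s/-ss semantics described in the thread:
# -s keeps the UDP socket bound but shut down for reading, -ss never opens it.

# Count how many -s options appear in a syslogd flag string.
# Option arguments (e.g. the path after -p) do not start with "-", so they
# are skipped. Assumption: -s is syslogd's only lowercase "s" option letter.
count_s_flags() {
    n=0
    for word in $1; do
        case "$word" in
            -*)
                letters=$(printf '%s' "$word" | tr -cd 's')
                n=$((n + ${#letters}))
                ;;
        esac
    done
    echo "$n"
}

# Map the count to the exposure level discussed in the thread.
classify_syslogd_flags() {
    case "$(count_s_flags "$1")" in
        0) echo open ;;        # bound to UDP 514 and accepts remote messages
        1) echo send-only ;;   # socket bound, but shut down for reading
        *) echo closed ;;      # no network socket at all
    esac
}

# Read sockstat(1)-style lines on stdin; succeed if syslogd holds a UDP
# socket on port 514. A send-only (-s) syslogd still shows up here, so this
# check alone cannot tell -s from the default; only -ss makes the socket
# disappear. Combine it with the flag classification above.
syslogd_udp_bound() {
    awk '$2 == "syslogd" && $5 ~ /^udp/ && $6 ~ /:514$/ { found = 1 }
         END { exit found ? 0 : 1 }'
}

# Constructed "sockstat -4 -l" output for the demonstration (not real data).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     syslogd    345   6  udp4   *:514                 *:*
root     sshd       401   4  tcp4   *:22                  *:*'

if [ "${1:-}" = "--demo" ]; then
    for f in "" "-s" "-ss" "-s -p /var/run/log -s"; do
        printf '%-34s %s\n' "syslogd_flags=\"$f\"" "$(classify_syslogd_flags "$f")"
    done
    if printf '%s\n' "$SAMPLE_SOCKSTAT" | syslogd_udp_bound; then
        echo "syslogd has a UDP socket bound to port 514 (default or -s)"
    else
        echo "syslogd has no UDP socket (consistent with -ss)"
    fi
fi
```

On a live host, feed the script `sockstat -4 -6 -l` output and the value of syslogd_flags from /etc/rc.conf (or `ps` output for the running syslogd); a machine that does no remote logging should come out "closed", which corresponds to syslogd_flags="-ss".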