Date: Wed, 14 Feb 2001 01:22:06 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: dmp@pantherdragon.org
Cc: Dag-Erling Smorgrav <des@ofug.org>, Adam Laurie <adam@algroup.co.uk>, security@FreeBSD.ORG
Subject: Re: syslogd -ss not part of extreme security option?
Message-ID: <20010214012206.P62368@rfx-216-196-73-168.users.reflex>
In-Reply-To: <3A8A0BDA.21504E26@pantherdragon.org>; from dmp@pantherdragon.org on Tue, Feb 13, 2001 at 08:38:50PM -0800
References: <3A88EB70.CC8CB78E@pantherdragon.org> <xzpelx2c3vp.fsf@flood.ping.uio.no> <3A89707C.A539BA9C@algroup.co.uk> <xzpzofqe8dr.fsf@flood.ping.uio.no> <3A8A0BDA.21504E26@pantherdragon.org>

On Tue, Feb 13, 2001 at 08:38:50PM -0800, dmp@pantherdragon.org wrote:
> Dag-Erling Smorgrav wrote:
> > Adam Laurie <adam@algroup.co.uk> writes:
> > > eh? no security bug is "known" until it's found & exploited. just
> > > because it hasn't been found doesn't mean it doesn't exist. switching
> > > off a network listener for syslog when you are not doing network logging
> > > is much more than a warm fuzzy feeling, it's closing a potential
> > > security hole. i do it on standard installs, let alone "extreme
> > > security".
> >
> > It's not a listener. If you specify -s, the socket is half-closed so
> > you can use it to send log messages to other hosts, but can't receive.
> > If you specify -ss, the socket isn't opened at all so you can neither
> > send nor receive.
>
> Why not add it, though? Anyone who's going to do remote syslogging
> will know to set the appropriate option.

No they won't. Do you promise to answer all of the people who come to
-questions asking why they can't log to another machine? "I could
always do it before!" You can take over answering all the people
asking why they can't install a new kernel (whose idea was it to have
people set securelevel(8) in sysinstall(8), oops I remember...).

> For everyone else, it's just
> one more thing that doesn't need to be enabled by default.

The only purpose the second '-s' serves is to make the line from
syslogd(8) disappear from netstat(8) output. It has no real security
use.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010214012206.P62368>
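
An added example, not part of the original message or of FreeBSD's own code: a check that reads a syslogd_flags value, works out which of the three socket states described in the thread it selects, and compares that with whether a UDP port 514 line appears in `netstat -an` output. The option letters in OPTS_WITH_ARG, the capping of repeated -s at two, and the sample netstat text are assumptions made for illustration.

```python
import shlex

# Assumption: syslogd options that take an argument; check syslogd(8) on the
# release being audited. Only -s and -ss come from the message above.
OPTS_WITH_ARG = set("abflmPp")

MODES = {
    0: "socket open: can send to and receive from other hosts",
    1: "socket half-closed (-s): can send, cannot receive",
    2: "socket not opened (-ss): can neither send nor receive",
}

def secure_count(flags):
    """Count -s options in a syslogd_flags value the way getopt(3) would."""
    count, args, i = 0, shlex.split(flags), 0
    while i < len(args):
        word = args[i]
        i += 1
        if word in ("-", "--") or not word.startswith("-"):
            break                          # end of options
        for pos, ch in enumerate(word[1:], start=1):
            if ch in OPTS_WITH_ARG:
                if pos == len(word) - 1:   # argument is the next word
                    i += 1
                break                      # rest of this word is the argument
            if ch == "s":
                count += 1
    return min(count, 2)                   # assumption: extra -s acts like -ss

def udp514_listed(netstat_text):
    """True if a UDP socket bound to port 514 appears in `netstat -an` text."""
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0].startswith("udp") and cols[3].endswith(".514"):
            return True
    return False

def audit(flags, netstat_text):
    """Return (mode, socket_listed, consistent) for flags vs. netstat output."""
    n = secure_count(flags)
    listed = udp514_listed(netstat_text)
    return MODES[n], listed, listed == (n < 2)

# Constructed sample in FreeBSD `netstat -an` layout, not captured output.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 *.22                   *.*                    LISTEN
udp4       0      0 *.514                  *.*
"""
```

A result with `consistent` false, such as `audit("-ss", SAMPLE)`, means the configured flags and the running daemon disagree, for example because syslogd was not restarted after the flags were changed.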