Date: Mon, 22 Jan 2001 21:38:42 -0800
From: "Crist J. Clark"
Reply-To: cjclark@alum.mit.edu
To: Garrett Wollman
Cc: current@FreeBSD.ORG
Subject: Re: excessive paranoia in syslogd(8)?
Message-ID: <20010122213842.O10761@rfx-216-196-73-168.users.reflex>
In-Reply-To: <200101221740.MAA39988@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Mon, Jan 22, 2001 at 12:40:00PM -0500
References: <20010120224944.I387@bonsai.knology.net> <20010120212039.M10761@rfx-216-196-73-168.users.reflex> <200101221740.MAA39988@khavrinen.lcs.mit.edu>

On Mon, Jan 22, 2001 at 12:40:00PM -0500, Garrett Wollman wrote:
> < said:
>
> > If you want to or need to use network sockets,
>
> >   # syslogd -a localhost
>
> > Should provide the behavior you want.
>
> I.e., no security whatsoever.

Well, yeah, it's syslogd(8) and as the manpage says,

  BUGS
       The ability to log messages received in UDP packets is equivalent to
       an unauthenticated remote disk-filling service...

However, doing 'syslogd -a localhost' should really not be much worse
than 'syslogd -s' or '-ss'. In all three cases, a local user can nail
you.
The only risk I see is 127.0.0.1 being forced in from the LAN, and even
then, I can't recall if FreeBSD will ever accept loopback numbers coming
in a non-loopback interface. And that still is only local net, 127/8
packets aren't going to be routed.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
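
The reasoning in this message, modelled as an added example (not syslogd's code and not part of the original post): an allow list that matches only on the UDP source address accepts a 127.0.0.1 datagram arriving from the LAN unless the host drops loopback sources on non-loopback interfaces. The interface names, the sample datagrams and the /32 form of the '-a localhost' entry are assumptions.

```python
import ipaddress
from dataclasses import dataclass

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


@dataclass(frozen=True)
class Datagram:
    src: str      # claimed source address; UDP gives no proof of origin
    ifname: str   # interface the packet arrived on
    msg: str


def is_martian(d, loopback_if="lo0"):
    """True for a 127/8 source seen on anything but the loopback interface."""
    return ipaddress.ip_address(d.src) in LOOPBACK_NET and d.ifname != loopback_if


def accepted(d, allowed, ingress_filter):
    """Model of an address-only allow list such as '-a localhost' sets up."""
    if ingress_filter and is_martian(d):
        return False  # dropped by the host before the logger ever sees it
    src = ipaddress.ip_address(d.src)
    return any(src in net for net in allowed)


def triage(datagrams, allowed_peers, ingress_filter):
    """Return the messages that would reach the log."""
    allowed = [ipaddress.ip_network(p) for p in allowed_peers]
    return [d.msg for d in datagrams if accepted(d, allowed, ingress_filter)]


# Constructed sample traffic (addresses and interface names are made up).
SAMPLE = [
    Datagram("127.0.0.1", "lo0", "local daemon"),
    Datagram("127.0.0.1", "em0", "spoofed loopback source from LAN"),
    Datagram("192.0.2.10", "em0", "remote host"),
]
ALLOWED = ["127.0.0.1/32"]  # assumed equivalent of '-a localhost'

if __name__ == "__main__":
    for flt in (False, True):
        print("ingress filter", "on: " if flt else "off:", triage(SAMPLE, ALLOWED, flt))
```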