Date:      Wed, 22 Apr 1998 22:02:43 +0800
From:      Peter Wemm <peter@netplex.com.au>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject:   Re: cvs commit: src/usr.sbin/syslogd syslogd.c 
Message-ID:  <199804221402.WAA07928@spinner.netplex.com.au>
In-Reply-To: Your message of "Wed, 22 Apr 1998 13:34:52 +0200." <3176.893244892@critter.freebsd.dk>

Poul-Henning Kamp wrote:
> 
> Hmmmm,
> 
> Now, I'm not too sure what people use SecureMode for, but it doesn't
> make sense to expect one host to accept remote logging from other
> hosts that don't, at least in my book...
> 
> I would tend to say `document that you can't do remote logging with "-s"'
> and leave it at that, but I may be overlooking something here...

Secure mode is 'do not accept log entries from remote servers', which is 
what the existing code does (did).  It's not supposed to disable the local 
server from *sending* queries.

Many security conscious sites have a central log collector that accepts
syslog entries from all its associated machines, and doesn't offer login 
or other services that might be compromisable to gain access.  All the 
other machines have their local syslogd's forwarding the more important 
log entries to the central machine.  They need to be able to send 
(obviously), but generally shouldn't accept syslog entries from "out 
there".  What you've done is disable the ability to send logs to a central 
server without exposing the machine to abuse.  This is a step backwards 
IMHO.

> Comments ?

If people are concerned about having the socket "sitting there" (which is 
a good thing IMHO, since syslogd can't be sure of *getting* a fd if 
somebody is attacking the machine by trying to use up all files), then 
perhaps an alternative might be to open and close the socket() before and 
after the sendto() while in SecureMode.

Incidentally, I don't disagree with the cleanup in the diff, just the 
removal of the socket open.  The existing code was a bit messy and did 
work that was not needed (initialise sin, do the getservbyname() etc).

I suggest the following fix (relative to -current):
(mind xterm cut/paste spammage)

diff -u -r1.29 syslogd.c
--- syslogd.c   1998/04/22 06:28:18     1.29
+++ syslogd.c   1998/04/22 13:59:52
@@ -366,8 +366,8 @@
                created_lsock = 1;
 
        inetm = 0;
+       finet = socket(AF_INET, SOCK_DGRAM, 0); /* needed for forwarding */
        if (!SecureMode) {
-               finet = socket(AF_INET, SOCK_DGRAM, 0);
                if (finet >= 0) {
                        struct servent *sp;
 
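Review bot: the `finet >= 0` guard stays inside `if (!SecureMode)`, so in SecureMode a failed socket() leaves finet at -1 with no check visible in this hunk; the forwarding path that later calls sendto() on finet has to test it, and the new comment should say so (e.g. `/* needed for forwarding; may be -1, callers must check */`). Since the SecureMode socket is also never bound and never read, datagrams that arrive on its ephemeral port will sit in the kernel receive buffer; if that is a concern, shutdown(finet, SHUT_RD) right after socket(), or the open/close-around-sendto() variant discussed in the mail, avoids it.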


> Poul-Henning

Cheers,
-Peter
--
Peter Wemm <peter@netplex.com.au>   Netplex Consulting
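The transient-socket alternative suggested above for SecureMode (open, sendto(), close), as an added example in C that is neither FreeBSD's syslogd code nor the patch in this mail; the loopback collector, the ephemeral port and the log line are constructed for the demonstration, and the non-SecureMode path that keeps finet open and bound is not shown.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* SecureMode forwarding with a transient socket (hypothetical helper, not
 * syslogd's code): open, send one datagram, close. Nothing is left open that
 * could receive remote entries. Returns bytes sent, or -1 on error. */
ssize_t forward_secure(const char *host, uint16_t port, const char *msg)
{
    struct sockaddr_in dst;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    if (inet_pton(AF_INET, host, &dst.sin_addr) != 1) { close(fd); return -1; }
    ssize_t n = sendto(fd, msg, strlen(msg), 0,
                       (struct sockaddr *)&dst, sizeof dst);
    close(fd);              /* nothing left for select() to watch */
    return n;
}

/* Constructed stand-in for the central collector: UDP socket on loopback,
 * ephemeral port written to *port, 2 s receive timeout so a lost datagram
 * cannot hang the caller. Returns the fd, or -1 on error. */
int collector_open(uint16_t *port)
{
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof a;
    struct timeval tv = { 2, 0 };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    *port = ntohs(a.sin_port);
    return fd;
}
```

The collector here only receives so the test can confirm delivery; a real syslogd in SecureMode would never put the forwarding socket in its read set at all.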