From: Archie Cobbs
Message-Id: <199808252033.NAA15314@bubba.whistle.com>
Subject: Re: Scaring the bezeesus out of your system admin as a normal user:
In-Reply-To: <35E2F4CC.5820504D@dal.net> from Studded at "Aug 25, 98 10:30:52 am"
To: Studded@dal.net (Studded)
Date: Tue, 25 Aug 1998 13:33:58 -0700 (PDT)
Cc: hart@iserver.com, freebsd-security@FreeBSD.ORG

Studded writes:
> > > This is kind of a related question, but in 2.2.7-RELEASE syslogd appears
> > > to have been modified to bind to its UDP port even if it is run with the
> > > -s flag. It does discard packets received on the port (but still logs a
> > > message about it!), but should it not even bind to the port when running
> > > in secure mode? It didn't bind to the port in previous versions, if
> > > memory serves.
> > >
> > > If this was a recent design decision that is meant to last, I think I will
> > > hack my syslogd back to the way it used to be.
> >
> > If you do, send it in with send-pr... this behavior seems kind of silly.
>
> This was discussed several months ago (check the archives for -Stable I
> think), but my understanding was that it was decided ultimately NOT to
> bind the port otherwise I would have made more noise about it myself.

Actually, he's right.. the -current syslogd will bind to the UDP port
no matter whether -s is specified or not. It does drop packets (and
log a warning) if it receives anything when -s is set.

It looks like this is done because syslogd still needs a UDP socket
from which to forward log entries when told to do so in /etc/syslog.conf.
Guess that makes sense.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
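The behaviour discussed in this message, modelled as an added example (not part of the original message and not syslogd's own code): a daemon keeps one bound UDP socket, reads and discards whatever arrives on it in secure mode, and still forwards from that same socket. Loopback addresses with kernel-assigned ports stand in for the syslog UDP port (514), and `bound_udp` and `demo_secure_mode` are hypothetical names.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind a UDP socket on loopback; port 0 = kernel-chosen (assumption: stands in for 514). */
static int bound_udp(struct sockaddr_in *sa) {
    socklen_t len = sizeof(*sa);
    struct timeval tv = {2, 0};            /* receive timeout so nothing blocks forever */
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (bind(s, (struct sockaddr *)sa, len) < 0 ||
        getsockname(s, (struct sockaddr *)sa, &len) < 0) { close(s); return -1; }
    return s;
}

/* Model of one daemon socket: inbound datagrams are counted as dropped (secure)
 * or accepted, and a forwarded message is sent from the same bound socket. */
int demo_secure_mode(int secure, int *dropped, int *accepted, int *same_src_port) {
    struct sockaddr_in logd, remote, from;
    socklen_t flen = sizeof(from);
    char buf[256];
    const char *in = "<13>constructed inbound", *out = "<13>constructed forward";
    int ls = bound_udp(&logd), rs = bound_udp(&remote);
    *dropped = *accepted = *same_src_port = 0;
    if (ls < 0 || rs < 0) { close(ls); close(rs); return -1; }
    /* A remote host sends to the daemon's port: it is open even in secure mode. */
    sendto(rs, in, strlen(in), 0, (struct sockaddr *)&logd, sizeof(logd));
    if (recvfrom(ls, buf, sizeof(buf), 0, NULL, NULL) > 0) {
        if (secure) (*dropped)++; else (*accepted)++;
    }
    /* Forwarding uses the bound socket, so the datagram leaves from its port. */
    sendto(ls, out, strlen(out), 0, (struct sockaddr *)&remote, sizeof(remote));
    if (recvfrom(rs, buf, sizeof(buf), 0, (struct sockaddr *)&from, &flen) > 0)
        *same_src_port = (from.sin_port == logd.sin_port);
    close(ls); close(rs);
    return 0;
}

int main(void) {
    int d, a, m, rc = demo_secure_mode(1, &d, &a, &m);
    printf("rc=%d dropped=%d accepted=%d same_src_port=%d\n", rc, d, a, m);
    return rc != 0;
}
```

On a host running the daemon with -s, the bound port still shows up in a listening-socket listing, so an open UDP port alone does not mean remote messages are being accepted.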