Date:      Wed, 22 Apr 1998 22:05:34 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        Peter Wemm <peter@netplex.com.au>
Cc:        "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>, cvs-committers@freebsd.org, cvs-all@freebsd.org, cvs-usrsbin@freebsd.org, soren@dt.dk
Subject:   Re: cvs commit: src/usr.sbin/syslogd syslogd.c 
Message-ID:  <4708.893275534@critter.freebsd.dk>
In-Reply-To: Your message of "Thu, 23 Apr 1998 03:54:21 +0800." <199804221954.DAA12177@spinner.netplex.com.au>


>> I would think that all securemode should do would be to not include the
>> fd in what select is watching, but the code before this change also
>> diked out the bind, so you wouldn't know what port you would be sending
>> syslog messages from, making ipfw unable to decide if the message came
>> from syslogd or some random user...
>
>Securemode stops the bind() and the select().  ipfw is irrelevant in 
>-s mode since it doesn't receive data.  The socket is only used for 
>sendto().  It's created and kept around so that syslogd can't ever get 
>stuck trying to send a critical log message over the network but fail 
>because all fd's are in use.

I'm talking about the ipfw at the remote master server...

If the subordinate syslogds don't do a bind to the canonical port,
you have no way of knowing that you got the packet from a syslogd...

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal
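
The source-port point made in the message above, as an added example that is not part of the original e-mail and is not syslogd's code: a UDP sender that skips bind() gets a kernel-chosen ephemeral source port, so a source-port rule on the receiving host cannot match it. The names `observed_source_port`, `passes_source_port_filter` and the unprivileged port 20514 (standing in for 514/udp, which only root can bind) are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define STANDIN_PORT 20514 /* constructed stand-in for 514/udp */

/* Send one datagram over loopback; return the source port the receiver sees,
 * or -1 on error. bind_port == 0 skips bind(): the kernel picks the port. */
int observed_source_port(unsigned short bind_port)
{
    struct sockaddr_in rx, tx, from;
    socklen_t len = sizeof(rx), flen = sizeof(from);
    struct timeval tv = { 2, 0 };              /* do not block forever */
    const char msg[] = "<13>constructed test message";
    char buf[64];
    int result = -1;
    int r = socket(AF_INET, SOCK_DGRAM, 0);    /* receiving side */
    int s = socket(AF_INET, SOCK_DGRAM, 0);    /* forwarding side */
    if (r < 0 || s < 0) goto out;
    memset(&rx, 0, sizeof(rx));
    rx.sin_family = AF_INET;
    rx.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(r, (struct sockaddr *)&rx, sizeof(rx)) < 0) goto out;   /* any free port */
    if (getsockname(r, (struct sockaddr *)&rx, &len) < 0) goto out;  /* learn it */
    setsockopt(r, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (bind_port != 0) {                      /* sender binds its source port */
        tx = rx;
        tx.sin_port = htons(bind_port);
        if (bind(s, (struct sockaddr *)&tx, sizeof(tx)) < 0) goto out;
    }
    if (sendto(s, msg, sizeof(msg) - 1, 0, (struct sockaddr *)&rx, sizeof(rx)) < 0) goto out;
    if (recvfrom(r, buf, sizeof(buf), 0, (struct sockaddr *)&from, &flen) < 0) goto out;
    result = ntohs(from.sin_port);             /* what a packet filter would see */
out:
    if (r >= 0) close(r);
    if (s >= 0) close(s);
    return result;
}

/* The match a source-port rule on the receiving host can apply. */
int passes_source_port_filter(int src_port) { return src_port == STANDIN_PORT; }

int main(void) {
    printf("bound: %d, unbound: %d\n", observed_source_port(STANDIN_PORT), observed_source_port(0));
    return 0;
}
```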


