Date: Wed, 22 Apr 1998 20:47:34 +0200
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
Cc: peter@netplex.com.au, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c
Message-ID: <4371.893270854@critter.freebsd.dk>
In-Reply-To: Your message of "Wed, 22 Apr 1998 11:10:19 PDT." <199804221810.LAA07748@GndRsh.aac.dev.com>

In message <199804221810.LAA07748@GndRsh.aac.dev.com>, "Rodney W. Grimes" writes:
>>
>> Hmmmm,
>>
>> Now, I'm not too sure what people use SecureMode for, but it doesn't
>> make sense to expect one host to accept remote logging from other
>> hosts that don't, at least in my book...
>
>Your book may not involve a large AS of systems that remotely syslog to
>a central syslog server. All ``syslog clients'' run in syslogd -s mode,
>the ``syslog server'' runs in normal syslogd mode, but has ipfw setup
>such that it only accepts syslog packets from a trusted list of clients.

Well, for the ipfw to work, wouldn't the socket need to be bound to
a well-known-port then?

That was the fact that made me conclude that you couldn't do the above
scenario in the first place.

I would think that all securemode should do would be to not include
the fd in what select is watching, but the code before this change also
diked out the bind, so you wouldn't know what port you would be sending
syslog messages from, making ipfw unable to decide if the message came
from syslogd or some random user...

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"Drink MONO-tonic, it goes down but it will NEVER come back up!"
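
The point about the bind in the message above, as an added illustration (not code from syslogd.c or from anyone in this thread): a sender that binds its UDP socket arrives at the collector from a predictable source port, while one that skips the bind arrives from a kernel-chosen port a packet filter cannot match on. `observed_source_port`, `loopback` and `STAND_IN_PORT` (an unprivileged stand-in for 514/udp) are assumptions made for this sketch.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define STAND_IN_PORT 20514 /* constructed stand-in for syslog's 514/udp */
/* Loopback address with the given port (host byte order). */
static struct sockaddr_in loopback(unsigned short port) {
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    return a;
}

/* Send one datagram to a local collector and return the source port the
 * collector sees, or -1 on error. sender_port == 0 means "skip the bind". */
int observed_source_port(unsigned short sender_port) {
    struct sockaddr_in srv = loopback(0), snd = loopback(sender_port), from;
    socklen_t len = sizeof srv, flen = sizeof from;
    struct timeval tv = {2, 0};
    char buf[64];
    int port = -1, rx = socket(AF_INET, SOCK_DGRAM, 0);
    int tx = socket(AF_INET, SOCK_DGRAM, 0);

    if (rx < 0 || tx < 0) goto out;
    setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv); /* 2 s timeout */
    if (bind(rx, (struct sockaddr *)&srv, sizeof srv) < 0 ||
        getsockname(rx, (struct sockaddr *)&srv, &len) < 0)
        goto out;
    /* The sender socket is never read from: it sends only, which is the
     * "keep the fd out of what select is watching" behaviour. */
    if (sender_port != 0 && bind(tx, (struct sockaddr *)&snd, sizeof snd) < 0)
        goto out;
    if (sendto(tx, "<13>test", 8, 0, (struct sockaddr *)&srv, sizeof srv) < 0)
        goto out;
    if (recvfrom(rx, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) >= 0)
        port = ntohs(from.sin_port);
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return port;
}
int main(void) {
    printf("bound: %d  unbound: %d\n", observed_source_port(STAND_IN_PORT),
           observed_source_port(0));
    return 0;
}
```

Binding to the real port 514 requires root, so any local user can send from an unprivileged port but not from 514; that is what lets a filter keyed on source port tell syslogd's traffic apart.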