From owner-cvs-all  Wed Apr 22 13:08:45 1998
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA06872
          for cvs-all-outgoing; Wed, 22 Apr 1998 13:08:45 -0700 (PDT)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from critter.freebsd.dk (critter.freebsd.dk [195.8.129.14])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA06579;
          Wed, 22 Apr 1998 20:08:21 GMT
          (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.8.7/8.8.5) with ESMTP id WAA04710;
	Wed, 22 Apr 1998 22:05:34 +0200 (CEST)
To: Peter Wemm <peter@netplex.com.au>
cc: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>,
        cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG,
        cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c 
In-reply-to: Your message of "Thu, 23 Apr 1998 03:54:21 +0800."
             <199804221954.DAA12177@spinner.netplex.com.au> 
Date: Wed, 22 Apr 1998 22:05:34 +0200
Message-ID: <4708.893275534@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk


>> I would think that all securemode should do would be to not include the
>> fd in what select is watching, but the code before this change also
>> diked out the bind, so you wouldn't know what port you would be sending
>> syslog messages from, making ipfw unable to decide if the message came
>> from syslogd or some random user...
>
>Securemode stops the bind() and the select().  ipfw is irrelevant in 
>-s mode since it doesn't receive data.  The socket is only used for 
>sendto().  It's created and kept around so that syslogd can't ever get 
>stuck trying to send a critical log message over the network but fail 
>because all fd's are in use.

I'm talking about the ipfw at the remote master server...

If the subordinate syslogds doesn't do a bind to the canonical port,
you have no way of knowing that you got the packet from a syslogd...

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message