From: "Rodney W. Grimes"
Message-Id: <199804222011.NAA08010@GndRsh.aac.dev.com>
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c
In-Reply-To: <4371.893270854@critter.freebsd.dk> from Poul-Henning Kamp at "Apr 22, 98 08:47:34 pm"
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Date: Wed, 22 Apr 1998 13:11:57 -0700 (PDT)
Cc: peter@netplex.com.au, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk

> In message <199804221810.LAA07748@GndRsh.aac.dev.com>, "Rodney W. Grimes" writes:
> >>
> >> Hmmmm,
> >>
> >> Now, I'm not too sure what people use SecureMode for, but it doesn't
> >> make sense to expect one host to accept remote logging from other
> >> hosts that don't, at least in my book...
> >
> >Your book may not involve a large AS of systems that remotely syslog to
> >a central syslog server.  All ``syslog clients'' run in syslogd -s mode,
> >the ``syslog server'' runs in normal syslogd mode, but has ipfw setup
> >such that it only accepts syslog packets from a trusted list of clients.
>
> Well, for the ipfw to work, wouldn't the socket need to be bound to
> a well-known-port then ?  That was the fact that made me conclude that
> you couldn't do the above scenario in the first place.

You're correct, in that you have to wild card the source port, which would
allow someone on one of the syslogd client machines to abuse the server,
but that's better than nothing at all, and the way things are now you would
have to run syslogd in totally unsecure mode, a step backwards.

A step forward would be to make -s use syslog 514 port as the source port
for syslog messages.  Then you could change the ipfw rules from

    ipfw add pass udp from ${trustedclient} to ${syslogserver} 514

to

    ipfw add pass udp from ${trustedclient} 514 to ${syslogserver} 514

> I would think that all securemode should do would be to not include the
> fd in what select is watching, but the code before this change also
> diked out the bind, so you wouldn't know what port you would be sending
> syslog messages from, making ipfw unable to decide if the message came
> from syslogd or some random user...

True, but your changes force us to run wide open, both in and out, if
we want to do remote logging at all :-(.

-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc.                   Reliable computers for FreeBSD
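
The source-port point in the exchange above, as an added example that is not part of the original message and not syslogd code: a receiver can only tell the logging daemon from another process on the same trusted host if the sender binds a known source port. Assumptions: everything runs on loopback, the kernel-chosen port of `logd` stands in for 514/udp (which only root can bind), and the function names are hypothetical.

```c
/* Added example: loopback and kernel-chosen ports are constructed stand-ins for 514/udp. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bound UDP socket on 127.0.0.1 with a 2 s receive timeout; bound address in *out. */
int udp_sock(struct sockaddr_in *out)
{
    struct sockaddr_in a = { .sin_family = AF_INET };  /* sin_port 0: kernel picks */
    struct timeval tv = { 2, 0 };
    socklen_t len = sizeof(a);
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (bind(s, (struct sockaddr *)&a, sizeof(a)) < 0 ||
        getsockname(s, (struct sockaddr *)&a, &len) < 0) { close(s); return -1; }
    *out = a;
    return s;
}

/* Send one datagram from `from`; store the source the server sees. 0 on success. */
int observe_source(int from, int srv, const struct sockaddr_in *dst, struct sockaddr_in *src)
{
    char buf[32];
    socklen_t len = sizeof(*src);
    if (sendto(from, "<13>test", 8, 0, (const struct sockaddr *)dst, sizeof(*dst)) != 8)
        return -1;
    return recvfrom(srv, buf, sizeof(buf), 0, (struct sockaddr *)src, &len) < 0 ? -1 : 0;
}

/* match_port=0: first rule (address only); match_port=1: second rule (address and port). */
int rule_pass(const struct sockaddr_in *src, const struct sockaddr_in *trusted, int match_port)
{
    if (src->sin_addr.s_addr != trusted->sin_addr.s_addr) return 0;
    return !match_port || src->sin_port == trusted->sin_port;
}

int main(void)
{
    struct sockaddr_in srv_a, logd_a, user_a, s1, s2;
    int srv = udp_sock(&srv_a), logd = udp_sock(&logd_a), user = udp_sock(&user_a);
    if (srv < 0 || logd < 0 || user < 0 ||
        observe_source(logd, srv, &srv_a, &s1) || observe_source(user, srv, &srv_a, &s2)) return 1;
    printf("logd: rule1=%d rule2=%d  other: rule1=%d rule2=%d\n", rule_pass(&s1, &logd_a, 0),
           rule_pass(&s1, &logd_a, 1), rule_pass(&s2, &logd_a, 0), rule_pass(&s2, &logd_a, 1));
    return 0;
}
```
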