From owner-freebsd-security  Wed Jan  6 02:39:35 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA21910
          for freebsd-security-outgoing; Wed, 6 Jan 1999 02:39:35 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id CAA21904
          for <freebsd-security@FreeBSD.ORG>; Wed, 6 Jan 1999 02:39:33 -0800 (PST)
          (envelope-from sthaug@nethelp.no)
From: sthaug@nethelp.no
Received: (qmail 7160 invoked by uid 1001); 6 Jan 1999 10:39:05 +0000 (GMT)
To: avalon@coombs.anu.edu.au
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack
In-Reply-To: Your message of "Wed, 6 Jan 1999 20:35:23 +1100 (EDT)"
References: <199901060935.UAA24071@cheops.anu.edu.au>
X-Mailer: Mew version 1.05+ on Emacs 19.34.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Wed, 06 Jan 1999 11:39:04 +0100
Message-ID: <7158.915619144@verdi.nethelp.no>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> In what I think is a "bug" (or missing feature), commenting out syslog/514
> in /etc/services causes syslogd not to start rather than to just not open
> up the UDP port (2.2.5) but "syslogd -s" shuts down the UDP port for
> reception of syslog messages, so that's covered.

No, "syslogd -s" does *not* shut down the UDP port - at least not in

$Id: syslogd.c,v 1.46 1998/12/29 23:14:50 cwt Exp $

Instead the packets are received and then logged as

"syslogd: discarded %d unwanted packets in secure mode, last from %s"

I would much prefer that it actually not listened to the UDP port at all.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message