Date: Wed, 22 Apr 1998 22:55:25 +0200
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
Cc: peter@netplex.com.au, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c
Message-ID: <4852.893278525@critter.freebsd.dk>
In-Reply-To: Your message of "Wed, 22 Apr 1998 13:11:57 PDT." <199804222011.NAA08010@GndRsh.aac.dev.com>

>> I would think that all securemode should do would be to not include the
>> fd in what select is watching, but the code before this change also
>> diked out the bind, so you wouldn't know what port you would be sending
>> syslog messages from, making ipfw unable to decide if the message came
>> from syslogd or some random user...
>
>True, but your changes force us to run wide open, both in and out, if
>we want to do remote logging at all :-(.

Yes, but remember that the mods (not mine!) were reviewed by me, and
I concluded that since that bind was absent it was snake oil security.

If you and peter agree with me that all -s should do is to not listen
for packets, but still bind to the syslog udp port so the remote receiver
of our syslog messages knows we sent them, then I'll happily make it do that.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal
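
The behaviour proposed above for -s, as an added C example that is not part of the original message or of FreeBSD's syslogd.c: a UDP socket that is bound, so the receiver sees a predictable source port, but is never read. The helper names, loopback addresses and kernel-chosen ports are assumptions for the demo; syslogd itself uses the syslog UDP port.

```c
/* Added illustration, not FreeBSD's syslogd.c. Loopback addresses and
 * kernel-chosen ports are constructed for the demo. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

static void loopback(struct sockaddr_in *a, unsigned short port)
{
    memset(a, 0, sizeof *a);
    a->sin_family = AF_INET;
    a->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a->sin_port = htons(port);
}
/* UDP socket bound to 127.0.0.1:port (0 lets the kernel pick); -1 on error. */
int bound_udp(unsigned short port)
{
    struct sockaddr_in a;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    loopback(&a, port);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&a, sizeof a) < 0) { close(fd); fd = -1; }
    return fd;
}
/* Local port of fd in host byte order; 0 if unbound or on error. */
unsigned short local_port(int fd)
{
    struct sockaddr_in a; socklen_t len = sizeof a;
    return getsockname(fd, (struct sockaddr *)&a, &len) < 0 ? 0 : ntohs(a.sin_port);
}
/* Send one datagram from sender to a local stand-in for the loghost and return
 * the source port that receiver sees (0 on error). sender is only written to,
 * never passed to select() or recvfrom(), as proposed for -s. */
unsigned short observed_source_port(int sender)
{
    struct sockaddr_in to, from; socklen_t flen = sizeof from;
    struct timeval tv = { 2, 0 };        /* do not hang if the datagram is lost */
    char buf[64]; unsigned short seen = 0;
    int loghost = bound_udp(0);
    if (loghost < 0) return 0;
    setsockopt(loghost, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    loopback(&to, local_port(loghost));
    if (sendto(sender, "<13>demo", 8, 0, (struct sockaddr *)&to, sizeof to) == 8 &&
        recvfrom(loghost, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) >= 0)
        seen = ntohs(from.sin_port);     /* what a packet filter could match on */
    close(loghost);
    return seen;
}
```

A bound socket that is merely left out of select() still queues inbound datagrams in its kernel receive buffer until that fills; they are simply never processed.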