From owner-freebsd-security Wed Jan 6 02:44:05 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA22692 for freebsd-security-outgoing; Wed, 6 Jan 1999 02:44:05 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.149.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA22683 for ; Wed, 6 Jan 1999 02:44:03 -0800 (PST) (envelope-from avalon@cheops.anu.edu.au) Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id VAA24675; Wed, 6 Jan 1999 21:43:22 +1100 (EDT) From: Darren Reed Message-Id: <199901061043.VAA24675@cheops.anu.edu.au> Subject: Re: kernel/syslogd hack To: sthaug@nethelp.no Date: Wed, 6 Jan 1999 21:43:22 +1100 (EDT) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <7158.915619144@verdi.nethelp.no> from "sthaug@nethelp.no" at Jan 6, 99 11:39:04 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from sthaug@nethelp.no, sie said: > > > In what I think is a "bug" (or missing feature), commenting out syslog/514 > > in /etc/services causes syslogd not to start rather than to just not open > > up the UDP port (2.2.5) but "syslogd -s" shuts down the UDP port for > > reception of syslog messages, so that's covered. > > No, "syslogd -s" does *not* shut down the UDP port - at least not in > > $Id: syslogd.c,v 1.46 1998/12/29 23:14:50 cwt Exp $ > > Instead the packets are received and then logged as > > "syslogd: discarded %d unwanted packets in secure mode, last from %s" > > I would much prefer that it actually not listened to the UDP port at all. Indeed. It needs to have one open so it can send to other hosts, but it should not listen at all. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message