Date: Wed, 22 Apr 1998 17:41:02 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199804222141.RAA02873@khavrinen.lcs.mit.edu>
To: Poul-Henning Kamp
Cc: "Rodney W. Grimes", peter@netplex.com.au, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c
In-Reply-To: <4852.893278525@critter.freebsd.dk>
References: <199804222011.NAA08010@GndRsh.aac.dev.com> <4852.893278525@critter.freebsd.dk>

< said:

> Yes, but remember that the mods (not mine!) were reviewed by me, and
> I concluded that since that bind was absent it was snake oil security.

Complete and utter nonsense! Adding a bind(2) adds absolutely nothing to security.

> If you and peter agree with me that all -s should do is to not listen
> for packets, but still bind to the syslog udp port so the remote
> receiver of our syslog messages knows we sent them, then I'll happily
> make it do that.

----------------------------
revision 1.23
date: 1997/04/26 00:00:33; author: pst; state: Exp; lines: +13 -19
Secure mode (-s) incorrectly disabled both sending and receiving of
syslog packets over UDP. Secure boxes should still be able to send packets.
----------------------------
revision 1.9
date: 1996/07/22 16:35:50; author: pst; state: Exp; lines: +24 -16
Bring in some fixes from NetBSD and re-hack our syslogd to be option-compatible
with theirs (change the -I option to -s (but leave -I in for backwards compat.)
Also eliminate an make sane some magic numbers, and fix a small bug where
we'd send to an unopened socket.

Reviewed by: wollman
Obtained from: NetBSD
----------------------------
revision 1.7
date: 1995/10/12 17:18:39; author: wollman; state: Exp; lines: +21 -13
Add a command-line option `-I' to disable logging from UDP.
Document `-d' and `-I'. Add a BUGS section noting that logging from UDP
is an unauthenticated remote disk-filling service, and probably should be
disabled by default in the absence of some sort of authentication.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick