From owner-cvs-usrsbin Wed Apr 22 13:58:39 1998
Return-Path:
Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA23257 for cvs-usrsbin-outgoing; Wed, 22 Apr 1998 13:58:39 -0700 (PDT) (envelope-from owner-cvs-usrsbin)
Received: from critter.freebsd.dk (critter.freebsd.dk [195.8.129.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA22878; Wed, 22 Apr 1998 20:58:00 GMT (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.8.7/8.8.5) with ESMTP id WAA04854; Wed, 22 Apr 1998 22:55:25 +0200 (CEST)
To: "Rodney W. Grimes"
cc: peter@netplex.com.au, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c
In-reply-to: Your message of "Wed, 22 Apr 1998 13:11:57 PDT." <199804222011.NAA08010@GndRsh.aac.dev.com>
Date: Wed, 22 Apr 1998 22:55:25 +0200
Message-ID: <4852.893278525@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-cvs-usrsbin@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>> I would think that all securemode should do would be to not include the
>> fd in what select is watching, but the code before this change also
>> diked out the bind, so you wouldn't know what port you would be sending
>> syslog messages from, making ipfw unable to decide if the message came
>> from syslogd or some random user...
>
>True, but your changes force us to run wide open, both in and out, if
>we want to do remote logging at all :-(.

Yes, but remember that the mods (not mine!) were reviewed by me, and
I concluded that since that bind was absent it was snake oil security.

If you and peter agree with me that all -s should do is to not listen
for packets, but still bind to the syslog udp port so the remote receiver
of our syslog messages knows we sent them, then I'll happily make it do
that.

--
Poul-Henning Kamp FreeBSD coreteam member
phk@FreeBSD.ORG "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal
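
The behaviour proposed in the message above (bind the sending socket, but never read from it) can be checked with the following added example, which is not part of the original message and is not FreeBSD's syslogd code. It assumes loopback addresses and kernel-chosen ports in place of the privileged syslog UDP port; the function names and the message are constructed for the demonstration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* UDP socket bound to 127.0.0.1:port (0 = kernel picks); -1 on error. */
static int bound_udp(unsigned short port, struct sockaddr_in *sa)
{
    socklen_t len = sizeof(*sa);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa->sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)sa, sizeof(*sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)sa, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if the collector sees the sender's bound source port, 0 if not, -1 on error. */
int source_port_matches(void)
{
    struct sockaddr_in caddr, saddr, from;
    socklen_t flen = sizeof(from);
    struct timeval tv = { 2, 0 };          /* do not hang if delivery fails */
    const char msg[] = "<13>constructed test message";
    char buf[64];
    int ok = -1;
    int collector = bound_udp(0, &caddr);  /* stands in for the remote loghost */
    int sender = bound_udp(0, &saddr);     /* stands in for syslogd -s */
    if (collector < 0 || sender < 0) goto out;
    setsockopt(collector, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    /* sender is used only for sendto(): never given to select()/recvfrom(). */
    if (sendto(sender, msg, sizeof(msg) - 1, 0,
               (struct sockaddr *)&caddr, sizeof(caddr)) < 0) goto out;
    if (recvfrom(collector, buf, sizeof(buf), 0,
                 (struct sockaddr *)&from, &flen) < 0) goto out;
    ok = (from.sin_port == saddr.sin_port);
out:
    if (collector >= 0) close(collector);
    if (sender >= 0) close(sender);
    return ok;
}
int main(void) { return source_port_matches() == 1 ? 0 : 1; }
```

A socket that is bound but never read still has incoming datagrams queued by the kernel until its receive buffer fills, so inbound filtering on that port remains worthwhile.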