Date: Wed, 22 Apr 1998 17:41:02 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>, peter@netplex.com.au, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c
Message-ID: <199804222141.RAA02873@khavrinen.lcs.mit.edu>
In-Reply-To: <4852.893278525@critter.freebsd.dk>
References: <199804222011.NAA08010@GndRsh.aac.dev.com> <4852.893278525@critter.freebsd.dk>

<<On Wed, 22 Apr 1998 22:55:25 +0200, Poul-Henning Kamp <phk@critter.freebsd.dk> said:

> Yes, but remember that the mods (not mine!) were reviewed by me, and
> I concluded that since that bind was absent it was snake oil security.

Complete and utter nonsense! Adding a bind(2) adds absolutely nothing to security.

> If you and peter agree with me that all -s should do is to not listen
> for packets, but still bind to the syslog udp port so the remote
> receiver of our syslog messages knows we sent them, then I'll happily
> make it do that.

----------------------------
revision 1.23
date: 1997/04/26 00:00:33; author: pst; state: Exp; lines: +13 -19
Secure mode (-s) incorrectly disabled both sending and receiving of
syslog packets over UDP. Secure boxes should still be able to send packets.
----------------------------
revision 1.9
date: 1996/07/22 16:35:50; author: pst; state: Exp; lines: +24 -16
Bring in some fixes from NetBSD and re-hack our syslogd to be option-compatible
with theirs (change the -I option to -s (but leave -I in for backwards compat.))
Also eliminate and make sane some magic numbers, and fix a small bug where we'd
send to an unopened socket.

Reviewed by: wollman
Obtained from: NetBSD
----------------------------
revision 1.7
date: 1995/10/12 17:18:39; author: wollman; state: Exp; lines: +21 -13
Add a command-line option `-I' to disable logging from UDP.
Document `-d' and `-I'. Add a BUGS section noting that logging from UDP
is an unauthenticated remote disk-filling service, and probably should be
disabled by default in the absence of some sort of authentication.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick
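
What the quoted `-s` proposal amounts to at the socket level, as an added example that is not part of the original message or of syslogd.c: a sender that bind(2)s a UDP port, sends, and never reads. It assumes loopback addresses and kernel-chosen ports in place of the syslog port; `bound_udp` and `bound_sender_demo` are hypothetical names.

```c
#include <netinet/in.h>
#include <poll.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* UDP socket bound to 127.0.0.1 on a kernel-chosen port, a constructed
 * stand-in for the syslog port; *sin receives the bound address. */
static int bound_udp(struct sockaddr_in *sin)
{
    socklen_t len = sizeof(*sin);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    *sin = (struct sockaddr_in){ .sin_family = AF_INET,
        .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (fd >= 0 && bind(fd, (struct sockaddr *)sin, len) == 0 &&
        getsockname(fd, (struct sockaddr *)sin, &len) == 0)
        return fd;
    if (fd >= 0)
        close(fd);
    return -1;
}

/* Sender binds and sends but never reads. Reports its bound port, the source
 * port the collector saw, and the bytes left queued on the sender's socket. */
int bound_sender_demo(unsigned short *bound, unsigned short *seen, int *queued)
{
    struct sockaddr_in s, c, from;
    socklen_t flen = sizeof(from);
    char buf[64];
    int rc = -1, snd = bound_udp(&s), col = bound_udp(&c);
    struct pollfd in[2] = { { col, POLLIN, 0 }, { snd, POLLIN, 0 } };

    if (snd >= 0 && col >= 0 &&
        sendto(snd, "<13>test", 8, 0, (struct sockaddr *)&c, sizeof(c)) == 8 &&
        poll(&in[0], 1, 1000) == 1 &&
        recvfrom(col, buf, sizeof(buf), 0, (struct sockaddr *)&from, &flen) == 8 &&
        sendto(col, "x", 1, 0, (struct sockaddr *)&from, flen) == 1 &&
        poll(&in[1], 1, 1000) == 1 && ioctl(snd, FIONREAD, queued) == 0) {
        *bound = ntohs(s.sin_port);
        *seen = ntohs(from.sin_port);
        rc = 0;
    }
    if (snd >= 0)
        close(snd);
    if (col >= 0)
        close(col);
    return rc;
}
```

The collector sees the bound port as the datagram's source port, and the byte it sends back to that port sits in the sender's receive buffer although nothing ever reads it.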