Date:      Wed, 22 Apr 1998 17:41:02 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>, peter@netplex.com.au, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject:   Re: cvs commit: src/usr.sbin/syslogd syslogd.c 
Message-ID:  <199804222141.RAA02873@khavrinen.lcs.mit.edu>
In-Reply-To: <4852.893278525@critter.freebsd.dk>
References:  <199804222011.NAA08010@GndRsh.aac.dev.com> <4852.893278525@critter.freebsd.dk>

<<On Wed, 22 Apr 1998 22:55:25 +0200, Poul-Henning Kamp <phk@critter.freebsd.dk> said:

> Yes, but remember that the mods (not mine!) were reviewed by me, and
> I concluded that since that bind was absent it was snake oil security.

Complete and utter nonsense!

Adding a bind(2) adds absolutely nothing to security.

> If you and peter agree with me that all -s should do is to not listen
> for packets, but still bind to the syslog udp port so the remote
> receiver of our syslog messages knows we sent them, then I'll happily
> make it do that.

----------------------------
revision 1.23
date: 1997/04/26 00:00:33;  author: pst;  state: Exp;  lines: +13 -19
Secure mode (-s) incorrectly disabled both sending and receiving of syslog
packets over UDP.  Secure boxes should still be able to send packets.
----------------------------
revision 1.9
date: 1996/07/22 16:35:50;  author: pst;  state: Exp;  lines: +24 -16
Bring in some fixes from NetBSD and re-hack our syslogd to be option-compatible
with theirs (change the -I option to -s (but leave -I in for backwards compat.)
Also eliminate and make sane some magic numbers, and fix a small bug where we'd
send to an unopened socket.

Reviewed by:    wollman
Obtained from:  NetBSD
----------------------------
revision 1.7
date: 1995/10/12 17:18:39;  author: wollman;  state: Exp;  lines: +21 -13
Add a command-line option `-I' to disable logging from UDP.
Document `-d' and `-I'.  Add a BUGS section noting that
logging from UDP is an unauthenticated remote disk-filling service,
and probably should be disabled by default in the absence of some sort
of authentication.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


