Date: Thu, 23 Apr 1998 19:20:20 -0700 (PDT)
From: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Cc: peter@netplex.com.au, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c
Message-ID: <199804240220.TAA10069@GndRsh.aac.dev.com>
In-Reply-To: <4852.893278525@critter.freebsd.dk> from Poul-Henning Kamp at "Apr 22, 98 10:55:25 pm"

> >> I would think that all securemode should do would be to not include the
> >> fd in what select is watching, but the code before this change also
> >> diked out the bind, so you wouldn't know what port you would be sending
> >> syslog messages from, making ipfw unable to decide if the message came
> >> from syslogd or some random user...
> >
> >True, but your changes force us to run wide open, both in and out, if
> >we want to do remote logging at all :-(.
>
> Yes, but remember that the mods (not mine!) were reviewed by me, and
> I concluded that since that bind was absent it was snake oil security.
>
> If you and peter agree with me that all -s should do is to not listen
> for packets, but still bind to the syslog udp port so the remote
> receiver of our syslog messages knows we sent them, then I'll happily
> make it do that.

Yes, I agree with that.

-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc.                   Reliable computers for FreeBSD
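
Added example, not part of the original message and not syslogd's code: a send-only UDP socket that is still bound, so the receiver (or a packet filter in front of it) sees a known source port, which is the behaviour the thread settles on for -s. The function names are hypothetical, and loopback with kernel-chosen ports stands in for the remote loghost and for 514/udp so the code runs unprivileged.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* 127.0.0.1:port as a sockaddr_in (loopback keeps the demo offline). */
static struct sockaddr_in loopback(unsigned short port)
{
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    return a;
}
/* UDP socket bound to the given local port (0 = kernel picks); -1 on error. */
static int udp_bound(unsigned short port)
{
    struct sockaddr_in a = loopback(port);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&a, sizeof a) < 0) { close(fd); fd = -1; }
    return fd;
}
/* Local port a socket is bound to, in host order; 0 on error. */
static unsigned short bound_port(int fd)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    return getsockname(fd, (struct sockaddr *)&a, &len) < 0 ? 0 : ntohs(a.sin_port);
}

/* Returns the source port the receiver sees; *expected = sender's bound port. */
unsigned short observed_source_port(unsigned short *expected)
{
    int rx = udp_bound(0);   /* stands in for the remote loghost */
    int tx = udp_bound(0);   /* stands in for syslogd; the real daemon would bind 514/udp */
    struct sockaddr_in from, to = loopback(bound_port(rx));
    socklen_t flen = sizeof from;
    const char msg[] = "<13>constructed test message";
    char buf[64];
    unsigned short seen = 0;
    *expected = bound_port(tx);
    /* tx is write-only here: it is never handed to select() or recvfrom(). */
    if (rx >= 0 && tx >= 0 &&
        sendto(tx, msg, sizeof msg - 1, 0, (struct sockaddr *)&to, sizeof to) > 0 &&
        recvfrom(rx, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) > 0)
        seen = ntohs(from.sin_port);
    close(rx); close(tx);    /* close(-1) just fails with EBADF */
    return seen;
}
```

A filter rule on the receiving side can then match on that source port. Without the bind, each sender gets an arbitrary ephemeral port and the rule has nothing stable to match.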