Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 Jul 1997 14:44:30 -0400 (EDT)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Vincent Poy <vince@mail.MCESTATE.COM>
Cc:        Guido van Rooij <guido@gvr.win.tue.nl>, loco@onyks.wszib.poznan.pl, security@FreeBSD.ORG, mario1@PrimeNet.Com, johnnyu@accessus.net
Subject:   Re: security hole in FreeBSD
Message-ID:  <Pine.BSF.3.95q.970728143423.3342G-100000@cyrus.watson.org>
In-Reply-To: <Pine.BSF.3.95.970728113012.3844P-100000@mail.MCESTATE.COM>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jul 1997, Vincent Poy wrote:

> On Mon, 28 Jul 1997, Robert Watson wrote:
> 
> 	What does the -s do anyways?  I know it means secure but isn't it
> supposed to be secure already out of the box?

-s prevents syslogd from accepting network network log messages.  Without
it, anyone who can deliver a packet to the syslog port using UDP can add a
line to your system logs.  When you add entries to syslog.conf like this:

*.error		@loghost.domain

you rely on not having the -s flag set.

Allowing log messages from unauthorized hosts is a security problem, as
someone can insert ficticious messages (often-times, spoofed), flood your
logs, etc.

  Robert N Watson 

Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
Network Security Research, Trusted Information Systems http://www.tis.com/
Network Administrator, SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org   rwatson@tis.com  http://www.watson.org/~robert/




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970728143423.3342G-100000>