From owner-freebsd-security Mon Jul 28 11:44:59 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id LAA24079 for security-outgoing; Mon, 28 Jul 1997 11:44:59 -0700 (PDT)
Received: from cyrus.watson.org (robert@cyrus.watson.org [207.86.4.20]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA24072 for ; Mon, 28 Jul 1997 11:44:56 -0700 (PDT)
Received: from localhost (robert@localhost) by cyrus.watson.org (8.8.5/8.8.5) with SMTP id OAA03882; Mon, 28 Jul 1997 14:44:30 -0400 (EDT)
Date: Mon, 28 Jul 1997 14:44:30 -0400 (EDT)
From: Robert Watson
Reply-To: Robert Watson
To: Vincent Poy
cc: Guido van Rooij , loco@onyks.wszib.poznan.pl, security@FreeBSD.ORG, mario1@PrimeNet.Com, johnnyu@accessus.net
Subject: Re: security hole in FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 28 Jul 1997, Vincent Poy wrote:

> On Mon, 28 Jul 1997, Robert Watson wrote:
>
> What does the -s do anyways? I know it means secure but isn't it
> supposed to be secure already out of the box?

-s prevents syslogd from accepting network log messages. Without it,
anyone who can deliver a packet to the syslog port using UDP can add a
line to your system logs. When you add entries to syslog.conf like this:

    *.error @loghost.domain

you rely on not having the -s flag set. Allowing log messages from
unauthorized hosts is a security problem, as someone can insert fictitious
messages (oftentimes spoofed), flood your logs, etc.

Robert N Watson

Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/
Network Security Research, Trusted Information Systems http://www.tis.com/
Network Administrator, SafePort Network Services http://www.safeport.com/
robert@fledge.watson.org rwatson@tis.com http://www.watson.org/~robert/
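
Added example, not part of the original message or of FreeBSD: a small sh audit that reports the two conditions described above, whether a syslogd flag string includes -s and which hosts a syslog.conf forwards to. The function names, the sample file, and the list of syslogd options assumed to take an argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a syslogd flag string and a syslog.conf for the
# two conditions the message describes.

# Succeeds if the flag string contains -s, alone or clustered (-ss, -ds).
# Assumption: a, b, f, l, m, P, p are the options that take an argument.
has_secure_flag() (
    set -f                       # flag arguments may contain glob characters
    skip=0
    for tok in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$tok" in
            -[abflmPp])  skip=1 ;;   # argument follows as the next word
            -[abflmPp]*) ;;          # argument attached to the option
            -*s*)        return 0 ;;
        esac
    done
    return 1
)

# Prints each host that syslog.conf forwards to (action field of the form @host).
forward_targets() {
    awk '$1 !~ /^#/ && NF >= 2 && $NF ~ /^@./ { print substr($NF, 2) }' "$1"
}

# Prints one finding per line for a flag string and a syslog.conf path.
audit_syslogd() {
    if has_secure_flag "$1"; then
        echo "listener: -s set, network log messages are not accepted"
    else
        echo "listener: -s not set, any host that can reach the UDP syslog port can add log lines"
    fi
    for host in $(forward_targets "$2"); do
        echo "forwarding: sends to $host, which relies on -s not being set"
    done
}

# Constructed sample syslog.conf; the forwarding line is the one quoted in the message.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample
*.notice    /var/log/messages
*.error     @loghost.domain
EOF

audit_syslogd "-s" "$SAMPLE"
audit_syslogd "" "$SAMPLE"
```

The flag string would normally come from the running syslogd's command line; how it is collected is left to the caller.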