Date: Tue, 25 Aug 1998 13:33:58 -0700 (PDT) From: Archie Cobbs <archie@whistle.com> To: Studded@dal.net (Studded) Cc: hart@iserver.com, freebsd-security@FreeBSD.ORG Subject: Re: Scaring the bezeesus out of your system admin as a normal user: Message-ID: <199808252033.NAA15314@bubba.whistle.com> In-Reply-To: <35E2F4CC.5820504D@dal.net> from Studded at "Aug 25, 98 10:30:52 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Studded writes: > > > This is kind of a related question, but in 2.2.7-RELEASE syslogd appears > > > to have been modified to bind to its UDP port even if it is run with the > > > -s flag. It does discard packets received on the port (but still logs a > > > message about it!), but should it not even bind to the port when running > > > in secure mode? It didn't bind to the port in previous versions, if > > > memory serves. > > > > > > If this was a recent design decision that is meant to last, I think I will > > > hack my syslogd back to the way it used to be. > > > > If you do, send it in with send-pr... this behavior seems kindof silly. > > This was discussed several months ago (check the archives for -Stable I > think), but my understanding was that it was decided ultimately NOT to > bind the port otherwise I would have made more noise about it myself. Actually, he's right.. the -current syslogd will bind to the UDP port no matter whether -s is specified or not. It does drop packets (and log a warning) if it receives anything when -s is set. It looks like this is done because syslogd still needs a UDP socket from which to forward log entries when told to do so in /etc/syslog.conf. Guess that makes sense. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808252033.NAA15314>