Date: Wed, 22 Apr 1998 22:02:43 +0800 From: Peter Wemm <peter@netplex.com.au> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG, soren@dt.dk Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.c Message-ID: <199804221402.WAA07928@spinner.netplex.com.au> In-Reply-To: Your message of "Wed, 22 Apr 1998 13:34:52 %2B0200." <3176.893244892@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote:
>
> Hmmmm,
>
> Now, I'm not too sure what people use SecureMode for, but it doesn't
> make sense to expect one host to accept remote logging from other
> hosts that don't, at least in my book...
>
> I would tend to say `document that you cant do remote logging with "-s"'
> and leave it at that, but I may be overlooking something here...
Secure mode is 'do not accept log entries from remote servers', which is
what the existing code does (did). It's not supposed to disable the local
server from *sending* queries.
Many security conscious sites have a central log collector that accepts
syslog entries from all it's associated machines, and doesn't offer login
or other services that might be compromisable to gain access. All the
other machines have their local syslogd's forwarding the more important
log entries to the central machine. They need to be able to send
(obviously), but generally shouldn't accept syslog entries from "out
there". What you've done is disable the ability to send logs to a central
server without exposing the machine to abuse. This is a step backwards
IMHO.
> Comments ?
If people are concerned about having the socket "sitting there" (which is
a good thing IMHO, since syslogd can't be sure of *getting* a fd if
somebody is attacking the machine by trying to use up all files), then
perhaps an alternative might be to open and close the socket() before and
after the sendto() while in SecureMode.
Incidently, I don't disagree with the cleanup in the diff, just the
removal of the socket open. The existing code was a bit messy and did
work that was not needed (initialise sin, do the getservbyname() etc).
I suggest the following fix (relative to -current):
(mind xterm cut/paste spammage)
diff -u -r1.29 syslogd.c
--- syslogd.c 1998/04/22 06:28:18 1.29
+++ syslogd.c 1998/04/22 13:59:52
@@ -366,8 +366,8 @@
created_lsock = 1;
inetm = 0;
+ finet = socket(AF_INET, SOCK_DGRAM, 0); /* needed for forwarding */
if (!SecureMode) {
- finet = socket(AF_INET, SOCK_DGRAM, 0);
if (finet >= 0) {
struct servent *sp;
> Poul-Henning
Cheers,
-Peter
--
Peter Wemm <peter@netplex.com.au> Netplex Consulting
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804221402.WAA07928>