Subject: syslogd -s
To: NetBSD Current Users <firstname.lastname@example.org>
From: Kevin Sullivan <email@example.com>
Date: 10/20/1998 17:25:26
Content-Type: text/plain; charset=us-ascii

The man page for syslogd says that the "-s" flag keeps the syslog daemon
from opening a UDP port, thus protecting it from remote fill-the-log
attacks. It doesn't mention that this flag prevents syslogd from
forwarding messages to a remote loghost. Syslogd also doesn't log a
warning for this.

It seems as if the correct behavior would be to always open a port, but
only listen on it if -s was not given. Alternatively, we could keep the
current behavior but change the man page to specify that log forwarding
will not work (and perhaps have syslogd print or log a warning). Which
would be preferred?

Also, it would be nice if syslogd (along with other UDP services) could use
TCP wrappers. Is this reasonable or would it cause too much overhead?
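The first alternative in the post (always open the UDP socket, but only accept what arrives on it when -s was not given) can be modelled in a few lines. The following is an added example written for this page; it is not NetBSD's syslogd, and the class and function names, the loopback addresses and the sample messages are all constructed. It runs two toy daemons on 127.0.0.1 with ephemeral ports: both can forward to a "loghost" sink socket, but only the non-secure one keeps a datagram that came in from the network. Because the kernel queues datagrams on any bound UDP socket, the secure daemon reads and discards them rather than never reading, so the queue cannot grow unbounded.

```python
import select
import socket

# Constructed sample values: everything stays on loopback.
LOOPBACK = "127.0.0.1"
MAX_DGRAM = 65535


def build_syslog_packet(facility: int, severity: int, tag: str, msg: str) -> bytes:
    """Encode a classic BSD syslog datagram: <PRI>TAG: MSG, PRI = facility*8 + severity."""
    pri = facility * 8 + severity
    return f"<{pri}>{tag}: {msg}".encode("ascii")


class MiniSyslogd:
    """Toy forwarder modelling the proposal: the UDP socket is always bound
    (so forwarding to a loghost works), but in secure mode datagrams that
    arrive on it are discarded instead of being logged."""

    def __init__(self, secure: bool):
        self.secure = secure
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind((LOOPBACK, 0))  # ephemeral port; opened in both modes
        self.sock.setblocking(False)
        self.logged = []  # (peer, packet) accepted from the network
        self.dropped = 0  # datagrams discarded because of secure mode

    def port(self) -> int:
        return self.sock.getsockname()[1]

    def forward(self, packet: bytes, loghost: tuple) -> None:
        # Works in both modes: the socket exists, we just may not read from it.
        self.sock.sendto(packet, loghost)

    def poll(self, timeout: float = 0.2) -> None:
        """Drain whatever has arrived; keep it only when not in secure mode."""
        while True:
            ready, _, _ = select.select([self.sock], [], [], timeout)
            if not ready:
                return
            packet, peer = self.sock.recvfrom(MAX_DGRAM)
            if self.secure:
                self.dropped += 1  # a remote message cannot fill our log
            else:
                self.logged.append((peer, packet))

    def close(self) -> None:
        self.sock.close()


def drain(sock: socket.socket, timeout: float = 0.2) -> list:
    """Collect all datagrams queued on a non-blocking socket."""
    out = []
    while True:
        ready, _, _ = select.select([sock], [], [], timeout)
        if not ready:
            return out
        out.append(sock.recvfrom(MAX_DGRAM)[0])


def demo() -> dict:
    """Run both modes side by side on loopback and report what each one did."""
    loghost = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # the remote loghost
    loghost.bind((LOOPBACK, 0))
    loghost.setblocking(False)
    remote = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # "another host"
    secure, normal = MiniSyslogd(secure=True), MiniSyslogd(secure=False)
    try:
        local_msg = build_syslog_packet(1, 6, "sshd", "accepted publickey for alice")
        remote_msg = build_syslog_packet(1, 6, "otherhost", "message from the network")

        # Forwarding to the loghost works regardless of mode.
        secure.forward(local_msg, loghost.getsockname())
        normal.forward(local_msg, loghost.getsockname())

        # A datagram from the network is kept only by the non-secure daemon.
        remote.sendto(remote_msg, (LOOPBACK, secure.port()))
        remote.sendto(remote_msg, (LOOPBACK, normal.port()))
        secure.poll()
        normal.poll()

        return {
            "loghost_received": len(drain(loghost)),
            "secure_logged": len(secure.logged),
            "secure_dropped": secure.dropped,
            "normal_logged": len(normal.logged),
        }
    finally:
        loghost.close()
        remote.close()
        secure.close()
        normal.close()


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the loghost receiving both forwarded messages while the secure daemon logs nothing from the network and records one dropped datagram. On a real host the same distinction is what you would check with `netstat -an` (or the platform's socket listing) after starting the daemon: a bound UDP socket is present in both cases, so the socket listing alone does not tell you whether remote messages are accepted; the daemon's documented mode does.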