Subject: syslogd -s
To: NetBSD Current Users <current-users@netbsd.org>
From: Kevin Sullivan <ksulliva@psc.edu>
List: current-users
Date: 10/20/1998 17:25:26

The man page for syslogd says that the "-s" flag keeps the syslog daemon
from opening a UDP port, thus protecting it from remote fill-the-log
attacks.  It doesn't mention that this flag prevents syslogd from
forwarding messages to a remote loghost.  Syslogd also doesn't log a
warning for this.

It seems as if the correct behavior would be to always open a port, but
only listen on it if -s was not given.  Alternatively, we could keep the
current behavior but change the man page to specify that log forwarding
will not work (and perhaps have syslogd print or log a warning).  Which
would be preferred?

Also, it would be nice if syslogd (along with other UDP services) could use
TCP wrappers.  Is this reasonable or would it cause too much overhead?

	-Kevin
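
The "always open the UDP socket, but only listen on it when -s is not given" behaviour proposed above, as an added C sketch that is not from the post or from NetBSD's syslogd; the loopback address, port numbers and function names are assumptions:

```c
/* Added example (not the post's or NetBSD's code): in secure mode (-s) the
 * UDP socket is created but never bound to the syslog port and never put in
 * the read set, so remote hosts cannot fill the log; the same socket can
 * still send to a loghost, so forwarding keeps working.  Addresses and ports
 * below are assumed values for illustration. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Open syslogd's network socket.  Returns the descriptor, or -1 on error. */
int open_net_socket(int secure, const char *addr, unsigned short port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (secure)
        return fd;   /* send-only: no bind() to the syslog port, never read */
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    inet_pton(AF_INET, addr, &sin.sin_addr);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Add the network socket to select()'s read set only when remote input is
 * allowed.  Returns 1 if it was added, 0 in secure mode. */
int want_remote_input(int secure, int fd, fd_set *rset)
{
    if (secure)
        return 0;
    FD_SET(fd, rset);
    return 1;
}

/* Forward one message to the loghost.  Works in both modes: if the socket is
 * unbound the kernel picks an ephemeral source port on the first sendto(). */
ssize_t forward_to_loghost(int fd, const char *host, unsigned short port,
                           const char *msg)
{
    struct sockaddr_in dst;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    inet_pton(AF_INET, host, &dst.sin_addr);
    return sendto(fd, msg, strlen(msg), 0, (struct sockaddr *)&dst, sizeof dst);
}
```

Datagrams that reach the ephemeral port of the secure-mode socket only sit in its receive buffer, since nothing ever reads it, so they never reach the log files.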
