Subject: Re: syslogd -s
To: None <current-users@netbsd.org>
From: Dave Sainty <dave@dtsp.co.nz>
List: current-users
Date: 10/21/1998 22:35:23
"Perry E. Metzger" writes:
>
>
> Kevin Sullivan writes:
> > The man page for syslogd says that the "-s" flag keeps the syslog daemon
> > from opening a UDP port, thus protecting it from remote fill-the-log
> > attacks. It doesn't mention that this flag prevents syslogd from
> > forwarding messages to a remote loghost.
>
> Yeah, I know. It's a bug. If you fix it, send patches and we'll do the
> right thing.
On the other hand, an unused but existing network socket is one more
thing to watch on a self-contained machine reachable by the outside
world. A no-listen flag would definitely be a win, but it should be a
different flag again, as the -s functionality is useful...