"Perry E. Metzger" writes:

> 
> 
> Kevin Sullivan writes:
> > The man page for syslogd says that the "-s" flag keeps the syslog daemon
> > from opening a UDP port, thus protecting it from remote fill-the-log
> > attacks.  It doesn't mention that this flag prevents syslogd from
> > forwarding messages to a remote loghost.
> 
> Yeah, I know. Its a bug. If you fix it, send patches and we'll do the
> right thing.

On the other hand, an unused but existing network socket is one more
thing to watch on a self contained machine reachable by the outside
world.  A no-listen flag would definately be a win, but it should be a
different flag again, as the -s functionality is useful...