CVS commit: basesrc

[Jim Wise <jwise%netbsd.org@localhost>]

Module Name:    basesrc
Committed By:   jwise
Date:           Fri Jun 30 17:32:44 UTC 2000

Modified Files:
        basesrc/usr.sbin/syslogd: syslogd.8 syslogd.c

Log Message:
1.) bring usage text up to date, and clarify description of `-s' option
    in man page and comments -- for some time it has no longer prevents
    an inet socket from being opened, just caused it to be ignored

2.) Fix this problem with `-s' -- syslogd always opens an inet socket, even if
    -s is specified and it has nowhere to send to.  This socket is then
    shutdown(), but there is no way to not have this socket open.

    Users setting up paranoid installations can now specify `-S' which
    prevents any non-unix-domain sockets from being opened, even if
    forwarding is specified in /etc/syslogd.conf.

    As per the previous fix, this is not made the default for `-s', as it
    also prevents syslogd from forwarding log messages.

3.) document the above in the man page and usage.

Justification:  in light of the possibility of future DoS attacks, or the
desire to set up a machine which is relatively uninformative in the face
of port scans, users may quite legitimately want to control what sockets
are open on their machine.  Telling such users that they cannot run
syslogd is non-ideal.


To generate a diff of this commit:
cvs rdiff -r1.15 -r1.16 basesrc/usr.sbin/syslogd/syslogd.8
cvs rdiff -r1.34 -r1.35 basesrc/usr.sbin/syslogd/syslogd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.