Re: syslogd.c patch
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: syslogd.c patch
- From: Jesse Kempf <kempf_(_at_)_rpi_(_dot_)_edu>
- Date: Mon, 7 Mar 2005 11:39:44 -0500
On Mar 7, 2005, at 9:33 AM, Henning Brauer wrote:
* Pierre-Yves Ritschard <pierre-yves_(_dot_)_ritschard_(_at_)_oxalide_(_dot_)_com> [2005-03-07 15:18]:
Here's a *really* simple patch that makes syslogd not bind a UDP socket if -u isn't specified.
Tested on i386 and sparc64, though when looking at it, it seems pretty clear it will work everywhere.
The only clear thing is that this breaks syslog forwarding.
There's no inherent security problem with having syslog bound to port 514 UDP. It only becomes a possible issue when you *listen* on it. You could do some clever and pointless nonsense to determine whether you need to bind to the socket, but the fact remains you'd be adding code that doesn't actually *do* anything worthwhile.

In the time I've been on the list, I've seen plenty of these patches go by. They all seem to come from the same misperception that bind()ing to a socket is the same as processing data from it.

It isn't.

I'm not a developer; I'm only sending this for the sake of posterity (like people actually check the list archives) and because you might want a reason why OpenBSD doesn't do this already.
Cheers,
-Jesse Kempf
VLSI Lab Systems Manager
Center for Integrated Electronics
Rensselaer Polytechnic Institute
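The bind()-versus-reading distinction above, as an added example that is not part of this thread and not OpenBSD's syslogd code: a toy daemon model that always binds its UDP socket (it needs one as the source for forwarding) but only adds it to the select() set when a hypothetical `listen_udp` flag, standing in for `-u`, is set. The loopback address and ephemeral port, the datagram contents and the class and function names are all constructed for this example.

```python
import select
import socket


class MiniSyslogd:
    """Toy model, not OpenBSD's syslogd: the UDP socket is always bound,
    but it is only read from when listen_udp (the -u analogue) is set."""

    def __init__(self, listen_udp: bool, addr=("127.0.0.1", 0)):
        # Bound unconditionally, as a forwarding daemon needs a source socket.
        # Binding alone never causes any received bytes to be parsed.
        self.udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.udp.bind(addr)
        self.listen_udp = listen_udp
        self.received = []

    def address(self):
        return self.udp.getsockname()

    def poll_once(self, timeout=0.2):
        # Only sockets placed in the readable set are ever recvfrom()'d.
        # Datagrams sent to an unread socket just sit in the kernel receive
        # buffer until it fills or the socket is closed; the daemon never
        # sees them, which is the point made in the thread above.
        readable = [self.udp] if self.listen_udp else []
        ready, _, _ = select.select(readable, [], [], timeout)
        for sock in ready:
            data, _peer = sock.recvfrom(65535)
            self.received.append(data.decode(errors="replace"))
        return list(self.received)

    def close(self):
        self.udp.close()


def exercise(listen_udp: bool):
    """Bind, send one constructed datagram to the bound port, poll once."""
    daemon = MiniSyslogd(listen_udp)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    msg = b"<13>Mar  7 11:39:44 host test: constructed message"
    sender.sendto(msg, daemon.address())
    sender.close()
    got = daemon.poll_once()
    daemon.close()
    return got


if __name__ == "__main__":
    print("bound only:", exercise(False))   # nothing processed
    print("bound + listening:", exercise(True))
```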