author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1995-12-15 18:19:25 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1995-12-15 18:19:25 +0000 |
commit | c4ae5fedeb2c477d11561d81f03fec42999c995a (patch) | |
tree | 709560146da55d8ddb932c2e791cab2803ad4e77 /usr.sbin/syslogd | |
parent | 6ed259657a4e2f1c661eb611611d6526b9df1724 (diff) |
-s option prevents opening of UDP port; from perry@piermont.com; netbsd pr#1761
Diffstat (limited to 'usr.sbin/syslogd')
-rw-r--r-- | usr.sbin/syslogd/syslogd.8 | 9 | ||||
-rw-r--r-- | usr.sbin/syslogd/syslogd.c | 15 |
2 files changed, 20 insertions, 4 deletions
diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8
index 6c0b1fe7850..55a1bf92d2a 100644
--- a/usr.sbin/syslogd/syslogd.8
+++ b/usr.sbin/syslogd/syslogd.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\" from: @(#)syslogd.8 6.10 (Berkeley) 3/16/91
-.\" $Id: syslogd.8,v 1.1 1995/10/18 08:48:22 deraadt Exp $
+.\" $Id: syslogd.8,v 1.2 1995/12/15 18:19:23 deraadt Exp $
 .\"
 .Dd March 16, 1991
 .Dt SYSLOGD 8
@@ -56,6 +56,13 @@ the default is
 .It Fl m
 Select the number of minutes between ``mark'' messages;
 the default is 20 minutes.
+.It Fl s
+Select ``secure'' mode, in which syslogd does not open a UDP socket but
+only communicates over a UNIX domain socket.
+This is valuable when the machine on
+which syslogd runs is subject to attack over the network and it is desired
+that the machine be protected from attempts to remotely fill logs
+and similar attacks.
 .It Fl p
 Specify the pathname of an alternate log socket;
 the default is
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index 2963d2c1a17..0bef15989fc 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -39,7 +39,7 @@ char copyright[] =
 #ifndef lint
 /*static char sccsid[] = "from: @(#)syslogd.c 5.45 (Berkeley) 3/2/91";*/
-static char rcsid[] = "$Id: syslogd.c,v 1.1 1995/10/18 08:48:22 deraadt Exp $";
+static char rcsid[] = "$Id: syslogd.c,v 1.2 1995/12/15 18:19:24 deraadt Exp $";
 #endif /* not lint */
 /*
@@ -184,6 +184,7 @@ int LogPort; /* port number for INET connections */
 int Initialized = 0; /* set when we have initialized ourselves */
 int MarkInterval = 20 * 60; /* interval between marks in seconds */
 int MarkSeq = 0; /* mark sequence number */
+int SecureMode = 0; /* when true, speak only unix domain socks */
 extern int errno;
 extern char *ctime(), *index(), *calloc();
@@ -204,7 +205,7 @@ main(argc, argv)
 extern char *optarg;
 void die(), domark(), init(), reapchild();
- while ((ch = getopt(argc, argv, "df:m:p:")) != EOF)
+ while ((ch = getopt(argc, argv, "dsf:m:p:")) != EOF)
 switch((char)ch) {
 case 'd': /* debug */
 Debug++;
@@ -218,6 +219,9 @@ main(argc, argv)
 case 'p': /* path */
 LogName = optarg;
 break;
+ case 's': /* no network mode */
+ SecureMode++;
+ break;
 case '?':
 default:
 usage();
@@ -260,7 +264,12 @@ main(argc, argv)
 dprintf("cannot create %s (%d)\n", LogName, errno);
 die(0);
 }
- finet = socket(AF_INET, SOCK_DGRAM, 0);
+ if (!SecureMode)
+ finet = socket(AF_INET, SOCK_DGRAM, 0);
+ else {
+ finet = -1;
+ inetm = 0;
+ }
 if (finet >= 0) {
 struct servent *sp; |
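Review bot: The option string in the `@@ -204,7 +205,7 @@` hunk, `getopt(argc, argv, "dsf:m:p:")`, now accepts `-s`, but no hunk in this commit touches `usage()`, so whatever synopsis it prints is unchanged. If `usage()` lists the accepted flags (its body is not on this page), it should gain `[-s]` so the error output agrees with the updated syslogd.8. `main` starts and ends outside the hunk.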
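Review bot: The `else` arm in the `@@ -260,7 +264,12 @@` hunk sets `finet = -1; inetm = 0;` without a comment on what else depends on that descriptor. If `finet` is also the socket used to send messages on to remote loghosts (not visible here), `-s` turns off outbound forwarding as well as inbound reception, while the new syslogd.8 text describes only the inbound side. I would add `/* -s: no UDP socket at all; anything that sends through finet is disabled too */` above `finet = -1;` and state the same in the man page entry. As a style point, bracing the `if (!SecureMode)` arm to match the braced `else` would make the pair harder to misread. `main` continues outside the hunk.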