-rw-r--r-- | usr.sbin/syslogd/syslogd.8 | 14 | ||||
-rw-r--r-- | usr.sbin/syslogd/syslogd.c | 24 |
2 files changed, 18 insertions, 20 deletions
diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8 index d6e931c13ee..223b7e67b07 100644 --- a/usr.sbin/syslogd/syslogd.8 +++ b/usr.sbin/syslogd/syslogd.8 @@ -44,7 +44,7 @@ .Op Fl f Ar config_file .Op Fl m Ar mark_interval .Op Fl p Ar log_socket -.Op Fl s +.Op Fl u .Sh DESCRIPTION .Nm Syslogd reads and logs messages to the system console, log files, other @@ -61,13 +61,11 @@ the default is .It Fl m Select the number of minutes between ``mark'' messages; the default is 20 minutes. -.It Fl s -Select ``secure'' mode, in which syslogd does not open a UDP socket but -only communicates over a UNIX domain socket. -This is valuable when the machine on -which syslogd runs is subject to attack over the network and it is desired -that the machine be protected from attempts to remotely fill logs -and similar attacks. +.It Fl u +Select the historical ``insecure'' mode, in which syslogd will +open a UDP socket and accept input over it as well. +Some software wants this, but you can be subjected to a variety of +attacks over the network, including attackers remotely filling logs. .It Fl p Specify the pathname of an alternate log socket; the default is diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index 0bffe69c837..f2b54d656f5 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -187,7 +187,7 @@ int LogPort; /* port number for INET connections */ int Initialized = 0; /* set when we have initialized ourselves */ int MarkInterval = 20 * 60; /* interval between marks in seconds */ int MarkSeq = 0; /* mark sequence number */ -int SecureMode = 0; /* when true, speak only unix domain socks */ +int SecureMode = 1; /* when true, speak only unix domain socks */ void cfline __P((char *, struct filed *)); char *cvthname __P((struct sockaddr_in *)); 
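Review bot: Flipping `SecureMode` to 1 by default leaves open what happens to outbound forwarding, because the code that opens the UDP socket is not part of this diff. If the `F_FORW` path in fprintlog sends on the same socket that secure mode leaves unopened, forwarding to a remote loghost would silently stop under the new default. Worth confirming, then recording the result next to the variable, e.g. `/* default on: no UDP input socket unless -u is given */`, and in syslogd.8 if `-u` turns out to be required for forwarding as well.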
@@ -216,7 +216,7 @@ main(argc, argv) FILE *fp; char *p, line[MSG_BSIZE + 1]; - while ((ch = getopt(argc, argv, "dsf:m:p:")) != EOF) + while ((ch = getopt(argc, argv, "duf:m:p:")) != EOF) switch(ch) { case 'd': /* debug */ Debug++; @@ -230,8 +230,8 @@ main(argc, argv) case 'p': /* path */ LogName = optarg; break; - case 's': /* no network mode */ - SecureMode++; + case 'u': /* allow udp input port */ + SecureMode = 0; break; case '?': default: @@ -271,7 +271,7 @@ main(argc, argv) if (funix < 0 || bind(funix, (struct sockaddr *)&sunx, SUN_LEN(&sunx)) < 0 || chmod(LogName, 0666) < 0) { - (void) sprintf(line, "cannot create %s", LogName); + (void) snprintf(line, sizeof line, "cannot create %s", LogName); logerror(line); dprintf("cannot create %s (%d)\n", LogName, errno); die(0); @@ -593,7 +593,7 @@ fprintlog(f, flags, msg) v = iov; if (f->f_type == F_WALL) { v->iov_base = greetings; - v->iov_len = snprintf(greetings, 500, + v->iov_len = snprintf(greetings, sizeof(greetings), "\r\n\7Message from syslogd@%s at %.24s ...\r\n", f->f_prevhost, ctime(&now)); v++; @@ -638,7 +638,7 @@ fprintlog(f, flags, msg) case F_FORW: dprintf(" %s\n", f->f_un.f_forw.f_hname); - l = snprintf(line, MAXLINE, "<%d>%.15s %s", f->f_prevpri, + l = snprintf(line, sizeof(line) - 1, "<%d>%.15s %s", f->f_prevpri, iov[0].iov_base, iov[4].iov_base); if (l > MAXLINE) l = MAXLINE; @@ -835,8 +835,8 @@ logerror(type) char buf[100]; if (errno) - (void)snprintf(buf, - sizeof(buf), "syslogd: %s: %s", type, strerror(errno)); + (void)snprintf(buf, sizeof(buf), "syslogd: %s: %s", + type, strerror(errno)); else (void)snprintf(buf, sizeof(buf), "syslogd: %s", type); errno = 0; @@ -1018,7 +1018,7 @@ cfline(line, f) else { pri = decode(buf, prioritynames); if (pri < 0) { - (void)sprintf(ebuf, + (void)snprintf(ebuf, sizeof ebuf, "unknown priority name \"%s\"", buf); logerror(ebuf); return; 
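Review bot: Dropping `s` from the getopt string means a startup script that still passes `-s` now lands in the `'?'`/`default` arm. That arm's body is outside the hunk, but it presumably prints usage and exits, so the daemon would not start and the host would log nothing. Since secure mode is now the default, `-s` can stay accepted as a no-op: keep it in the option string (`"dsuf:m:p:"`) and add `case 's': /* historical; now the default */ break;`. main's body starts and ends outside these hunks.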
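Review bot: In the `F_WALL` branch of fprintlog, snprintf's return value goes straight into `v->iov_len`, but that value is the length the output would have had, not the number of bytes stored in `greetings`. If the formatted text ever exceeds the buffer, the later write reads past the array. Clamp it first, e.g. `if (v->iov_len >= sizeof(greetings)) v->iov_len = sizeof(greetings) - 1;`. The `F_FORW` hunk has the same pattern: the write is now bounded by `sizeof(line) - 1`, but `l` is still clamped against `MAXLINE`, which matches only if `line` is declared `MAXLINE + 1` (outside the hunk), and a negative return is not handled. There, `if (l < 0) l = 0; else if (l > sizeof(line) - 2) l = sizeof(line) - 2;` ties the clamp to the size actually passed.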
@@ -1036,7 +1036,7 @@ cfline(line, f) else { i = decode(buf, facilitynames); if (i < 0) { - (void)sprintf(ebuf, + (void)snprintf(ebuf, sizeof(ebuf), "unknown facility name \"%s\"", buf); logerror(ebuf); @@ -1065,7 +1065,7 @@ cfline(line, f) if (hp == NULL) { extern int h_errno; - logerror(hstrerror(h_errno)); + logerror((char *)hstrerror(h_errno)); break; } memset(&f->f_un.f_forw.f_addr, 0, |
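Review bot: The `(char *)` cast on `hstrerror(h_errno)` discards `const` only to satisfy logerror's parameter type. As far as the `-835` hunk shows, logerror only formats `type` with `%s`, so it never needs a writable string. Prefer a const-qualified parameter in the file's prototype style, `void logerror __P((const char *));` with `const char *type;` in the definition, and drop the cast so the compiler can still catch a real write through that pointer. cfline's body starts and ends outside the hunk.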