200 messages in org.freebsd.freebsd-securityRe: security hole in FreeBSD| From | Sent On | Attachments |
|---|---|---|
| Vincent Poy | Jul 28, 1997 3:19 am | |
| Nicole H. | Jul 28, 1997 3:22 am | |
| Vincent Poy | Jul 28, 1997 4:39 am | |
| Robert Watson | Jul 28, 1997 5:36 am | |
| Nicole H. | Jul 28, 1997 5:40 am | |
| Eric Feillant | Jul 28, 1997 5:41 am | |
| David Holland | Jul 28, 1997 6:12 am | |
| Nicole H. | Jul 28, 1997 6:15 am | |
| Jonathan A. Zdziarski | Jul 28, 1997 6:22 am | |
| Tomasz Dudziak | Jul 28, 1997 6:29 am | |
| Adam Shostack | Jul 28, 1997 6:39 am | |
| Guido van Rooij | Jul 28, 1997 6:52 am | |
| Garrett Wollman | Jul 28, 1997 7:04 am | |
| Robert Watson | Jul 28, 1997 7:56 am | |
| Robert Watson | Jul 28, 1997 7:59 am | |
| Ollivier Robert | Jul 28, 1997 8:16 am | |
| Robert Watson | Jul 28, 1997 8:48 am | |
| Jonathan A. Zdziarski | Jul 28, 1997 8:50 am | |
| Jonathan A. Zdziarski | Jul 28, 1997 8:54 am | |
| Rodney W. Grimes | Jul 28, 1997 8:55 am | |
| Adam Shostack | Jul 28, 1997 9:04 am | |
| Robert Watson | Jul 28, 1997 10:08 am | |
| Rodney W. Grimes | Jul 28, 1997 10:26 am | |
| Vincent Poy | Jul 28, 1997 10:59 am | |
| Vincent Poy | Jul 28, 1997 11:23 am | |
| Vincent Poy | Jul 28, 1997 11:27 am | |
| David Langford | Jul 28, 1997 11:30 am | |
| Vincent Poy | Jul 28, 1997 11:31 am | |
| Robert Watson | Jul 28, 1997 11:33 am | |
| Robert Watson | Jul 28, 1997 11:44 am | |
| Jonathan A. Zdziarski | Jul 28, 1997 11:46 am | |
| Jonathan A. Zdziarski | Jul 28, 1997 11:48 am | |
| Jonathan A. Zdziarski | Jul 28, 1997 11:49 am | |
| Robert Watson | Jul 28, 1997 12:29 pm | |
| Vincent Poy | Jul 28, 1997 12:29 pm | |
| Vincent Poy | Jul 28, 1997 12:38 pm | |
| Vincent Poy | Jul 28, 1997 12:48 pm | |
| Vincent Poy | Jul 28, 1997 12:54 pm | |
| Vincent Poy | Jul 28, 1997 12:56 pm | |
| Adam Shostack | Jul 28, 1997 1:04 pm | |
| Jonathan A. Zdziarski | Jul 28, 1997 1:15 pm | |
| Jonathan A. Zdziarski | Jul 28, 1997 1:16 pm | |
| Robert Watson | Jul 28, 1997 1:45 pm | |
| Jonathan A. Zdziarski | Jul 28, 1997 1:47 pm | |
| Jonathan A. Zdziarski | Jul 28, 1997 1:51 pm | |
| Robert Watson | Jul 28, 1997 1:54 pm | |
| Nate Williams | Jul 28, 1997 2:00 pm | |
| Ollivier Robert | Jul 28, 1997 2:07 pm | |
| Matthew N. Dodd | Jul 28, 1997 2:14 pm | |
| Karl Denninger | Jul 28, 1997 2:42 pm | |
| Vincent Poy | Jul 28, 1997 2:43 pm | |
| Vincent Poy | Jul 28, 1997 3:01 pm | |
| Vincent Poy | Jul 28, 1997 3:06 pm | |
| Jordan K. Hubbard | Jul 28, 1997 3:10 pm | |
| Vincent Poy | Jul 28, 1997 3:25 pm | |
| Vincent Poy | Jul 28, 1997 3:28 pm | |
| Matthew N. Dodd | Jul 28, 1997 3:30 pm | |
| Vincent Poy | Jul 28, 1997 3:30 pm | |
| Vincent Poy | Jul 28, 1997 3:44 pm | |
| Brian Buchanan | Jul 28, 1997 4:06 pm | |
| Gary Clark II | Jul 28, 1997 4:06 pm | |
| Vincent Poy | Jul 28, 1997 4:14 pm | |
| Vincent Poy | Jul 28, 1997 4:16 pm | |
| Vincent Poy | Jul 28, 1997 4:18 pm | |
| Matthew N. Dodd | Jul 28, 1997 4:18 pm | |
| Vincent Poy | Jul 28, 1997 4:19 pm | |
| Vincent Poy | Jul 28, 1997 4:25 pm | |
| Vincent Poy | Jul 28, 1997 4:30 pm | |
| Brian Buchanan | Jul 28, 1997 4:48 pm | |
| Jordan K. Hubbard | Jul 28, 1997 4:59 pm | |
| Jordan K. Hubbard | Jul 28, 1997 5:00 pm | |
| Vincent Poy | Jul 28, 1997 5:02 pm | |
| Brian Buchanan | Jul 28, 1997 5:09 pm | |
| Vincent Poy | Jul 28, 1997 5:19 pm | |
| Vincent Poy | Jul 28, 1997 5:20 pm | |
| Gary Palmer | Jul 28, 1997 5:22 pm | |
| Vincent Poy | Jul 28, 1997 5:26 pm | |
| Vincent Poy | Jul 28, 1997 5:30 pm | |
| Gary Palmer | Jul 28, 1997 5:30 pm | |
| Brian Buchanan | Jul 28, 1997 5:32 pm | |
| Gary Palmer | Jul 28, 1997 5:33 pm | |
| Vincent Poy | Jul 28, 1997 5:34 pm | |
| Gary Palmer | Jul 28, 1997 5:36 pm | |
| Vincent Poy | Jul 28, 1997 5:40 pm | |
| Gary Palmer | Jul 28, 1997 5:44 pm | |
| Gary Palmer | Jul 28, 1997 5:45 pm | |
| Vincent Poy | Jul 28, 1997 5:49 pm | |
| Gary Palmer | Jul 28, 1997 5:53 pm | |
| Vincent Poy | Jul 28, 1997 5:57 pm | |
| 111 later messages | ||
| Subject: | Re: security hole in FreeBSD | |
|---|---|---|
| From: | Vincent Poy (vin...@mail.MCESTATE.COM) | |
| Date: | Jul 28, 1997 12:56:12 pm | |
| List: | org.freebsd.freebsd-security | |
On Mon, 28 Jul 1997, Robert Watson wrote:
=)> What does the -s do anyways? I know it means secure but isn't it =)> supposed to be secure already out of the box? =) =)-s prevents syslogd from accepting network network log messages. Without =)it, anyone who can deliver a packet to the syslog port using UDP can add a =)line to your system logs. When you add entries to syslog.conf like this: =) =)*.error @loghost.domain =) =)you rely on not having the -s flag set. =) =)Allowing log messages from unauthorized hosts is a security problem, as =)someone can insert ficticious messages (often-times, spoofed), flood your =)logs, etc.
Never noticed this one, was there a reason FreeBSD shipped with -s off by default?
Cheers, Vince - vin...@MCESTATE.COM - vin...@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]