.\" SUCH DAMAGE.
.\"
.\" from: @(#)syslogd.8 6.10 (Berkeley) 3/16/91
-.\" $Id: syslogd.8,v 1.1.1.1 1995/10/18 08:48:22 deraadt Exp $
+.\" $Id: syslogd.8,v 1.2 1995/12/15 18:19:23 deraadt Exp $
.\"
.Dd March 16, 1991
.Dt SYSLOGD 8
.It Fl m
Select the number of minutes between ``mark'' messages;
the default is 20 minutes.
+.It Fl s
+Select ``secure'' mode, in which syslogd does not open a UDP socket but
+only communicates over a UNIX domain socket.
+This is valuable when the machine on
+which syslogd runs is subject to attack over the network and it is desired
+that the machine be protected from attempts to remotely fill logs
+and similar attacks.
.It Fl p
Specify the pathname of an alternate log socket;
the default is
#ifndef lint
/*static char sccsid[] = "from: @(#)syslogd.c 5.45 (Berkeley) 3/2/91";*/
-static char rcsid[] = "$Id: syslogd.c,v 1.1.1.1 1995/10/18 08:48:22 deraadt Exp $";
+static char rcsid[] = "$Id: syslogd.c,v 1.2 1995/12/15 18:19:24 deraadt Exp $";
#endif /* not lint */
/*
int Initialized = 0; /* set when we have initialized ourselves */
int MarkInterval = 20 * 60; /* interval between marks in seconds */
int MarkSeq = 0; /* mark sequence number */
+int SecureMode = 0; /* when true, speak only unix domain socks */
extern int errno;
extern char *ctime(), *index(), *calloc();
extern char *optarg;
void die(), domark(), init(), reapchild();
- while ((ch = getopt(argc, argv, "df:m:p:")) != EOF)
+ while ((ch = getopt(argc, argv, "dsf:m:p:")) != EOF)
switch((char)ch) {
case 'd': /* debug */
Debug++;
case 'p': /* path */
LogName = optarg;
break;
+ case 's': /* no network mode */
+ SecureMode++;
+ break;
case '?':
default:
usage();
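Review bot: `usage()` is not touched anywhere in the visible diff, so the synopsis it prints likely still omits the new `-s` flag handled in `case 's'`; if it lists the options, add `[-s]` there so the flag can be discovered from the daemon itself. Separately, `SecureMode` is only ever tested as a boolean, so `SecureMode = 1;` states the intent more directly than `SecureMode++;`. The switch statement starts and ends outside this hunk.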
dprintf("cannot create %s (%d)\n", LogName, errno);
die(0);
}
- finet = socket(AF_INET, SOCK_DGRAM, 0);
+ if (!SecureMode)
+ finet = socket(AF_INET, SOCK_DGRAM, 0);
+ else {
+ finet = -1;
+ inetm = 0;
+ }
if (finet >= 0) {
struct servent *sp;
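Review bot: Setting `finet = -1` in secure mode affects every later use of `finet`, not only the receive path; if the daemon also sends forwarded messages to remote loghosts on this descriptor (that code is outside the hunk, so this is an inference), `-s` would silently stop forwarding too, and a host hardened this way would lose its off-box copy of the logs. Either state that here with a comment such as `/* -s: no UDP socket at all, so remote forwarding is unavailable too */` and in the man page text, or keep a send-only socket that is never bound or selected on. The explicit `inetm = 0;` also suggests `inetm` has no initializer; if so, the non-secure path where `socket()` fails would leave it unset, and assigning `inetm = 0;` once before the `if (!SecureMode)` would cover both cases. The `if (finet >= 0)` block continues past the end of the hunk.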