From d35f30aa808713f04341bef174d67457490698f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Fri, 30 Apr 1999 12:51:20 +0000 Subject: [PATCH] Implement fascist mode (do not open a datagram socket at all). --- usr.sbin/syslogd/syslogd.8 | 9 +++++---- usr.sbin/syslogd/syslogd.c | 7 ++++--- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/usr.sbin/syslogd/syslogd.8 b/usr.sbin/syslogd/syslogd.8 index bd39df301dd6..20cf2b871a7e 100644 --- a/usr.sbin/syslogd/syslogd.8 +++ b/usr.sbin/syslogd/syslogd.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)syslogd.8 8.1 (Berkeley) 6/6/93 -.\" $Id: syslogd.8,v 1.15 1998/06/25 19:39:18 guido Exp $ +.\" $Id: syslogd.8,v 1.16 1998/07/22 06:15:18 phk Exp $ .\" .Dd October 12, 1995 .Dt SYSLOGD 8 @@ -128,9 +128,10 @@ The primary use for this is to place additional log sockets in .Pa /dev/log of various chroot filespaces. .It Fl s -Operate in secure mode. Do not log messages from remote machines. -The messages will be received and counted and a log entry produced every time -the count exceeds a power of two. +Operate in secure mode. Do not log messages from remote machines. If +specified once, the messages will be received and counted and a log +entry produced every time the count exceeds a power of two. If +specified twice, no network socket will be opened at all. .It Fl u Unique priority logging. Only log messages at the specified priority. Without this option, messages at the stated priority or higher are logged. diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index 523de1af5a67..516a912f2640 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -42,7 +42,7 @@ static const char copyright[] = static char sccsid[] = "@(#)syslogd.c 8.3 (Berkeley) 4/4/94"; #endif static const char rcsid[] = - "$Id: syslogd.c,v 1.45 1998/12/29 20:36:22 cwt Exp $"; + "$Id: syslogd.c,v 1.46 1998/12/29 23:14:50 cwt Exp $"; #endif /* not lint */ /* @@ -251,7 +251,7 @@ struct filed consfile; int Debug; /* debug flag */ char LocalHostName[MAXHOSTNAMELEN+1]; /* our hostname */ char *LocalDomain; /* our local domain name */ -int finet; /* Internet datagram socket */ +int finet = -1; /* Internet datagram socket */ int LogPort; /* port number for INET connections */ int Initialized = 0; /* set when we have initialized ourselves */ int MarkInterval = 20 * 60; /* interval between marks in seconds */ @@ -394,7 +394,8 @@ main(argc, argv) die(0); } } - finet = socket(AF_INET, SOCK_DGRAM, 0); + if (SecureMode > 1) + finet = socket(AF_INET, SOCK_DGRAM, 0); if (finet >= 0) { struct servent *sp;