]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 17ec69b)
sysklogd: do not open any network sockets by default
authorDiego Santa Cruz <Diego.SantaCruz@spinetix.com>
Thu, 25 Feb 2021 16:03:56 +0000 (17:03 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 26 Feb 2021 15:19:28 +0000 (15:19 +0000)
The default in sysklogd 2.x is to open listening network sockets,
unlike sysklogd 1.5 where the default was the opposite.

This is contrary to a "secure by default" design, so set up the
init script to pass the -ss option to prevent syslogd from opening
any network sockets. It can be overridden in /etc/default/syslogd.

Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/sysklogd/files/sysklogd patch | blob | history

diff --git a/meta/recipes-extended/sysklogd/files/sysklogd b/meta/recipes-extended/sysklogd/files/sysklogd
index 2a356a637ab0cc0a1194f8bfe3d815e5c8572ecd..050772b59d1b990c0649cd88d291c718df589a46 100755 (executable)
--- a/meta/recipes-extended/sysklogd/files/sysklogd
+++ b/meta/recipes-extended/sysklogd/files/sysklogd
@@ -22,6 +22,9 @@ binpath_syslogd=/usr/sbin/syslogd
 
 test -x $binpath || exit 0
 
+# run secure by default
+SYSLOGD="-ss"
+
 test ! -r /etc/default/syslogd || . /etc/default/syslogd
 
 create_xconsole()
Mirror of the official openembedded-core repository