From 103688fd349338520c147d5bde07429951925141 Mon Sep 17 00:00:00 2001 From: Diego Santa Cruz Date: Thu, 25 Feb 2021 17:03:56 +0100 Subject: [PATCH] sysklogd: do not open any network sockets by default The default in sysklogd 2.x is to open listening network sockets, unlike sysklogd 1.5 where the default was the opposite. This is contrary to a "secure by default" design, so set up the init script to pass the -ss option to prevent syslogd from opening any network sockets. It can be overridden in /etc/default/syslogd. Signed-off-by: Diego Santa Cruz Signed-off-by: Richard Purdie --- meta/recipes-extended/sysklogd/files/sysklogd | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/sysklogd/files/sysklogd b/meta/recipes-extended/sysklogd/files/sysklogd index 2a356a637a..050772b59d 100755 --- a/meta/recipes-extended/sysklogd/files/sysklogd +++ b/meta/recipes-extended/sysklogd/files/sysklogd @@ -22,6 +22,9 @@ binpath_syslogd=/usr/sbin/syslogd test -x $binpath || exit 0 +# run secure by default +SYSLOGD="-ss" + test ! -r /etc/default/syslogd || . /etc/default/syslogd create_xconsole() -- 2.40.1
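Review bot: In the added lines before the `. /etc/default/syslogd` source, `SYSLOGD="-ss"` is assigned first and the defaults file is sourced afterwards, so any `/etc/default/syslogd` that assigns `SYSLOGD` replaces the value wholesale rather than extending it. An administrator who sets `SYSLOGD` there only to pass some unrelated option drops `-ss` without noticing, and syslogd goes back to opening network sockets. The comment `# run secure by default` does not say what `-ss` does or that an override has to repeat it. Suggest expanding the comment to something like `# -ss: do not open any network sockets; if you set SYSLOGD in /etc/default/syslogd, keep -ss unless you want network logging`, and noting the same in whatever documents the defaults file. A separate variable for extra options appended after `-ss` would avoid the problem, at the cost of making it harder to turn network sockets back on deliberately.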