sysklogd: do not open any network sockets by default

The default in sysklogd 2.x is to open listening network sockets, unlike sysklogd 1.5 where the default was the opposite. This is contrary to a "secure by default" design, so set up the init script to pass the -ss option to prevent syslogd from opening any network sockets. It can be overridden in /etc/default/syslogd. (From OE-Core rev: 103688fd349338520c147d5bde07429951925141) Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> 2021-02-25 17:03:56 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-02-26 15:21:21 +0000
commit: 910b09c4bcd848bd071e3482f9c701380ff0e228 (patch)
tree: 351b9b40f372f4beaed45ad1ef42149e4b5e79a0 /meta
parent: 53f118af3973e4d1b08bea8e193cd99095ddd072 (diff)
download: poky-910b09c4bcd848bd071e3482f9c701380ff0e228.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-extended/sysklogd/files/sysklogd b/meta/recipes-extended/sysklogd/files/sysklogd
index 2a356a637a..050772b59d 100755
--- a/meta/recipes-extended/sysklogd/files/sysklogd
+++ b/meta/recipes-extended/sysklogd/files/sysklogd
@@ -22,6 +22,9 @@ binpath_syslogd=/usr/sbin/syslogd
 test -x $binpath || exit 0
+# run secure by default
+SYSLOGD="-ss"
 test ! -r /etc/default/syslogd || . /etc/default/syslogd
 create_xconsole()
author	Diego Santa Cruz <Diego.SantaCruz@spinetix.com>	2021-02-25 17:03:56 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-02-26 15:21:21 +0000
commit	910b09c4bcd848bd071e3482f9c701380ff0e228 (patch)
tree	351b9b40f372f4beaed45ad1ef42149e4b5e79a0 /meta
parent	53f118af3973e4d1b08bea8e193cd99095ddd072 (diff)
download	poky-910b09c4bcd848bd071e3482f9c701380ff0e228.tar.gz

diff --git a/meta/recipes-extended/sysklogd/files/sysklogd b/meta/recipes-extended/sysklogd/files/sysklogd index 2a356a637a..050772b59d 100755 --- a/meta/recipes-extended/sysklogd/files/sysklogd +++ b/meta/recipes-extended/sysklogd/files/sysklogd
@@ -22,6 +22,9 @@ binpath_syslogd=/usr/sbin/syslogd
22		22
23	test -x $binpath \|\| exit 0	23	test -x $binpath \|\| exit 0
24		24
		25	# run secure by default
		26	SYSLOGD="-ss"
		27
25	test ! -r /etc/default/syslogd \|\| . /etc/default/syslogd	28	test ! -r /etc/default/syslogd \|\| . /etc/default/syslogd
26		29
27	create_xconsole()	30	create_xconsole()