From 910b09c4bcd848bd071e3482f9c701380ff0e228 Mon Sep 17 00:00:00 2001 From: Diego Santa Cruz Date: Thu, 25 Feb 2021 17:03:56 +0100 Subject: sysklogd: do not open any network sockets by default The default in sysklogd 2.x is to open listening network sockets, unlike sysklogd 1.5 where the default was the opposite. This is contrary to a "secure by default" design, so set up the init script to pass the -ss option to prevent syslogd from opening any network sockets. It can be overridden in /etc/default/syslogd. (From OE-Core rev: 103688fd349338520c147d5bde07429951925141) Signed-off-by: Diego Santa Cruz Signed-off-by: Richard Purdie --- meta/recipes-extended/sysklogd/files/sysklogd | 3 +++ 1 file changed, 3 insertions(+) (limited to 'meta') diff --git a/meta/recipes-extended/sysklogd/files/sysklogd b/meta/recipes-extended/sysklogd/files/sysklogd index 2a356a637a..050772b59d 100755 --- a/meta/recipes-extended/sysklogd/files/sysklogd +++ b/meta/recipes-extended/sysklogd/files/sysklogd @@ -22,6 +22,9 @@ binpath_syslogd=/usr/sbin/syslogd test -x $binpath || exit 0 +# run secure by default +SYSLOGD="-ss" + test ! -r /etc/default/syslogd || . /etc/default/syslogd create_xconsole() -- cgit v1.2.3-54-g00ecf
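Review bot: The comment added above `SYSLOGD="-ss"` says only "run secure by default", which does not tell the next reader what the flag does or how the default can be lost. Suggest spelling it out, for example `# -ss: do not open any network sockets; override in /etc/default/syslogd`. Because the assignment sits before the line that sources /etc/default/syslogd, any `SYSLOGD=` assignment in that file replaces the value rather than appending to it, so a site that sets SYSLOGD only to add an unrelated option silently drops `-ss` and gets the listening sockets back. It would help to note in the comment (or in the default file, if the recipe ships one) that overrides must repeat `-ss` to keep the no-network behaviour. The hunk does not show whether a shipped /etc/default/syslogd already assigns SYSLOGD; if it does, this default never takes effect, which is worth confirming before merge.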