>> host# cat > bind.c <<_EOF_ [...] >> if (sk->sin_family == AF_INET) sk->sin_addr.s_addr = 0x7f000001; >> return syscall(SYS_bind, fd, sk, sl); >> } >> _EOF_ >> host# cc -O -pic bind.c >> host# ld -assert pure-text bind.o -ldl >> host# mv a.out libbind.o >> host# setenv LD_PRELOAD libbind.o >> host# syslogd >> host# unsetenv LD_PRELOAD > I'm not sure if this is true on all systems, but I know on HP-UX if > you comment out the "syslog" line in /etc/services it won't bind the > UDP socket to listen on at all, which would have the same effect with > less hassle. Not at all the same effect - only the same effect as far as packets coming from elsewhere is concerned. The LD_PRELOAD hack will cause syslog to behave normally as far as local packets is concerned. (Well, not quite: only as far as packets sent to 127.0.0.1 goes.) > And it is likely to be more portable than the SunOS hack, since most > versions of syslog would be likely to do a getservbyname("syslog"). Um...what is it you think the hack above does? It most certainly doesn't do anything that syslogd using, or not using, getservbyname("syslog") would have any effect on. All it does is ensure that any bind() calls for AF_INET sockets bind to 127.0.0.1 rather than to whatever address the program tried to bind to (probably INADDR_ANY, in syslogd's case). The port number is not touched. Also, I'm not sure, but I think it may work only for big-endian machines; it may need an htonl() in the assignment. der Mouse mouse@collatz.mcrcim.mcgill.edu