[Bug 695240] Re: $AllowedSender directive is ignored

Sat May 25 20:17:25 UTC 2013

Sorry for the noise, I just retested with RELP and indeed the
$AllowedSender doesn't restrict it. The code only allows to restrict
UDP, TCP and GSS connections:
http://git.adiscon.com/?p=rsyslog.git;a=blob;f=runtime/net.c;h=b291213e4ae6caee8b197b40d86ca5ff860b9536;hb=HEAD#l89

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/695240

Title:
  $AllowedSender directive is ignored

Status in “rsyslog” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: rsyslog

  Even though I have

  $AllowedSender TCP, 128.59.145.208, 128.59.147.205, 128.59.147.192,
  128.59.144.145

  in /etc/rsyslog.conf, rsyslog happily accepts relp messages from
  128.59.146.167.

  The changelog mentions

  rsyslog (3.18.6-1) unstable; urgency=high

    * New upstream bugfix release.
      - Fix "$AllowedSender" security bypass vulnerability. The "$AllowedSender"
        configuration directive was not respected, allowing unrestricted network
        access to the application. Closes: #508027
        No CVE id yet.

  So this looks like a regression.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: rsyslog 4.2.0-2ubuntu8.1
  ProcVersionSignature: Ubuntu 2.6.32-27.49-server 2.6.32.26+drm33.12
  Uname: Linux 2.6.32-27-server x86_64
  Architecture: amd64
  Date: Tue Dec 28 21:35:13 2010
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: rsyslog

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/695240/+subscriptions