TCP wrappers - starting tcpd ?
Kristian Rink
kristian at zimmer428.net
Fri Aug 25 11:40:39 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am Fri, 25 Aug 2006 12:31:23 +0100
schrieb Dave S <ubuntu at pusspaws.net>:
> > Thus, you shouldn't have a starter script for tcpd in init.d, nor
> > should there be any tcpd processes running. You could check this out
> > using a service like, say, ftp exposed using inetd...
>
> Ah I was hopeing that I did not have to use inetd - due to security
> concerns but what you say makes sense.
I can imagine what you mean. :) However, if my memory serves me well,
tcpd was implemented and established in order to fix some of the
shortcomings in securing inetd-based services. Exposing stuff via inetd
is extremely easy, nothing keeps you from actually "registering" some
sort of shell-script there to serve as a connection endpoint -
actually, a highly proprietary document management system we're running
at work is configured right this way on the Unix platform.
Needless to say this is just begging to be abused, especially because
inetd, doesn't provide any security and protection measures...
Cheers,
Kris
- --
Kristian Rink * http://zimmer428.net * jab: kawazu at jabber.ccc.de
icq: 48874445 * fon: ++49 176 2447 2771
"One dreaming alone, it will be only a dream; many dreaming together
is the beginning of a new reality." (Hundertwasser)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE7uG+cxBAPOA1m6wRAsSUAJ40boe3/KZCDBzaqaPkBRYrQz1/0QCfXtlq
hIXA4am1ZB6qD6ryXT0ZJEg=
=5gQZ
-----END PGP SIGNATURE-----
More information about the ubuntu-users
mailing list