TCP wrappers - starting tcpd ?
Dave S
ubuntu at pusspaws.net
Fri Aug 25 11:46:40 UTC 2006
On Friday 25 August 2006 12:40, Kristian Rink wrote:
> On Fri, 25 Aug 2006 12:31:23 +0100
>
> Dave S <ubuntu at pusspaws.net> wrote:
> > > Thus, you shouldn't have a starter script for tcpd in init.d, nor
> > > should there be any tcpd processes running. You could check this out
> > > using a service like, say, ftp exposed using inetd...
> >
> > Ah I was hoping that I did not have to use inetd - due to security
> > concerns but what you say makes sense.
>
> I can imagine what you mean. :) However, if my memory serves me well,
> tcpd was implemented and established in order to fix some of the
> shortcomings in securing inetd-based services. Exposing stuff via inetd
> is extremely easy, nothing keeps you from actually "registering" some
> sort of shell-script there to serve as a connection endpoint -
> actually, a highly proprietary document management system we're running
> at work is configured right this way on the Unix platform.
>
> Needless to say this is just begging to be abused, especially because
> inetd doesn't provide any security and protection measures...
>
> Cheers,
> Kris
>
I think I will head the IP tables route - it's probably going to be easier - I
was tempted by TCP wrappers - they looked neat :)
Dave