[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: inetd

From: Alain Magloire
Subject: Re: inetd
Date: Mon, 2 Sep 2002 11:29:58 -0400 (EDT)

> On Mon, Sep 02, 2002 at 11:01:17AM -0400, Alain Magloire wrote:
> > In inetutils/NEWS:
> >  crated as uid 0.
> > ^^^^^^^
> > Typo.
> Gotit, thanks.

hum .. I made some annoying typos in my comments(rshd.c)
"clent" instead of "client" etc ...  My english skills was
less then good.

> > You mean an inetd security bug?  If yes do you have a fix?
> Nope, the rshd security fix where it would create new files as root
> regardless of who you were connecting as.  I looked over Chris'
> comments, and both the glibc manual and two other "programming
> securely" pages seem to agree that the right thing is to just do a
> setuid.
> The inetd stuff I want to do is just rewriting it so that it's all
> copyright the FSF.  I figured it's an easy place to start.

Ok, but you probably wants a list of features, that the new should/must
- read compatible/extended inetd.conf(for example openbsd(or one of the *BSD) 
has extend
  this a little for example binding of specific IP)
- The current inetutils/inetd reads snippets from inetd.d/*, the same thing 
that xinetd
  does but the snippets are inetd.conf formats.  Xinetd uses a different format.
  I suppose it could b e possible if the code is modular enough to load 
  type of parsing capabilities.
- xinetd does all sort of filtering a la tcpd, for example:
   * restriction on time of access
   * restriction on ip address, name, domain etc..
   * binding of specific IP

The filtering restriction could probably be in a different lib instead of 
inetd.  I think "tcpd" comes with a library.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]