Date:      Tue, 28 Jul 1998 11:20:30 +0200
From:      "IBS / Andre Oppermann" <andre@pipeline.ch>
To:        Brett Glass <brett@lariat.org>
Cc:        "Jan B. Koum" <jkb@best.com>, chat@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: FreeBSD Security How-To (Was: QPopper exploit)
Message-ID:  <35BD97DE.2E242C6E@pipeline.ch>
References:  <199807272300.RAA00688@lariat.lariat.org> <199807272354.RAA01585@lariat.lariat.org>

Brett Glass wrote:
-snip-
> I do think that the section on eliminating inetd needs some fleshing out,
> though. Some servers, such as all of the POP3 daemons I've tried, don't
> seem to admit themselves to being run except from inetd. Also, the section
> should discuss the dangers of having a server die without any automatic
> means to resuscitate it. For example, the docs for identd warn against
> running it without inetd, since if it quits it will not be restarted.
> Perhaps a utility that checks for the presence of servers and restarts them
> if they've died could be developed as part of this effort and perhaps added
> to the FreeBSD distribution.

There's a nice tool called tcpserver available from DJB (we all love his
coding style): ftp://koobera.math.uic.edu/www/ucspi-tcp.html

The description:
# tcpclient and tcpserver are easy-to-use command-line tools for
# building TCP client-server applications. tcpclient makes a TCP
# connection and runs a program of your choice. tcpserver waits for
# incoming connections and, for each connection, runs a program of
# your choice. Your program receives environment variables showing
# the local and remote host names, IP addresses, and port numbers.
# 
# tcpserver offers a concurrency limit to protect you from running out
# of processes and memory. When you are handling 40 (by default)
# simultaneous connections, tcpserver smoothly defers acceptance of
# new connections. 
# 
# tcpserver also provides TCP access control features, similar to
# tcp-wrappers/tcpd's hosts.allow but much faster. Its access control
# rules are compiled into a hashed format with cdb, so it can easily
# deal with thousands of different hosts. 
# 
# tcpclient and tcpserver conform to UCSPI, the UNIX Client-Server
# Program Interface, using the TCP protocol. UCSPI tools are available
# for several different networks.

-- 
Andre Oppermann

CEO / Geschaeftsfuehrer
Internet Business Solutions Ltd. (AG)
Hardstrasse 235, 8005 Zurich, Switzerland
Fon +41 1 277 75 75 / Fax +41 1 277 75 77
http://www.pipeline.ch    ibs@pipeline.ch
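
The access control paragraph in the quoted description, modelled in Python as an added example that is not part of the original message and not code from ucspi-tcp. A dict stands in for the compiled cdb file, the rule set is constructed, and the key order and the allow-when-no-rule default follow the tcprules documentation as recalled, so treat both as assumptions.

```python
# Model of a cdb-backed access check: a handful of exact-key lookups per
# connection, regardless of how many hosts the rule file lists.
# RULES is a constructed rule set; the dict stands in for the cdb file.
RULES = {
    "192.0.2.7": "deny",        # one exact address
    "192.0.2.": "allow",        # everything else in 192.0.2.0/24
    "=.example.net": "allow",   # any host under example.net
    "": "deny",                 # default when nothing more specific matches
}


def candidate_keys(ip, host=None, info=None):
    """Yield lookup keys from most to least specific.

    ip -> TCPREMOTEIP, host -> TCPREMOTEHOST, info -> TCPREMOTEINFO.
    The order is an assumption taken from the tcprules documentation.
    """
    if info:
        yield f"{info}@{ip}"
        if host:
            yield f"{info}@={host}"
    yield ip
    if host:
        yield f"={host}"
    # Shorter and shorter IP prefixes ending in a dot: "192.0.2.", "192.0.", "192."
    octets = ip.split(".")
    for n in range(len(octets) - 1, 0, -1):
        yield ".".join(octets[:n]) + "."
    if host:
        # Shorter and shorter host suffixes starting with a dot: "=.example.net", "=.net"
        labels = host.split(".")
        for n in range(1, len(labels)):
            yield "=." + ".".join(labels[n:])
        yield "="
    yield ""


def decide(rules, ip, host=None, info=None):
    """Return (matched_key, instruction, lookups); the first key present wins."""
    lookups = 0
    for key in candidate_keys(ip, host, info):
        lookups += 1
        if key in rules:
            return key, rules[key], lookups
    return None, "allow", lookups   # no rule found: allowed (assumed default)


if __name__ == "__main__":
    print(decide(RULES, "203.0.113.5", host="mail.example.net"))
```

The lookup count depends only on the shape of the address and host name, which is why the description can claim thousands of hosts at no extra per-connection cost.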
