Date: Mon, 27 Jul 1998 18:18:42 -0400 (EDT)
From: woods@zeus.leitch.com (Greg A. Woods)
To: Jacques Vidrine <n@nectar.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: inetd enhancements (fwd)
Message-ID: <199807272218.SAA14531@brain.zeus.leitch.com>
In-Reply-To: Robert Watson's message of "Mon, July 27, 1998 16:15:59 -0400" regarding "inetd enhancements (fwd)" id <Pine.BSF.3.96.980727161523.8094F-100000@fledge.watson.org>
References: <Pine.BSF.3.96.980727161523.8094F-100000@fledge.watson.org>

[ On Mon, July 27, 1998 at 16:15:59 (-0400), Robert Watson wrote: ]
> Subject: inetd enhancements (fwd)
>
>
> This seems like security to me -- the binding issue is especially relevant
> to firewall hosts (multi-homed).
>
>   Robert N Watson
>
> Carnegie Mellon University            http://www.cmu.edu/
> TIS Labs at Network Associates, Inc.  http://www.tis.com/
> SafePort Network Services             http://www.safeport.com/
> robert@fledge.watson.org              http://www.watson.org/~robert/
>
> ---------- Forwarded message ----------
> Date: Mon, 27 Jul 1998 12:19:56 -0500
> From: Jacques Vidrine <n@nectar.com>
> To: hackers@FreeBSD.ORG
> Subject: inetd enhancements
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hi,
>
> I'd like to add some functionality to inetd.  The two features
> needed are:
>
>   * binding selected services to a particular interface

There's a version of this feature in NetBSD's inetd.  I don't know if
it's similar to your idea or to PR#2387's, but it would be nice to see
all BSDs use the same config file interface....

>   * chroot'ing before exec'ing the service

This is probably better done by a wrapper.  Getting the chroot area set
up can be very tricky and anyone capable of doing so can easily write
the appropriate wrapper too.

> I've implemented these features as a port that modifies the
> stock inetd source:
>
>   http://www.freebsd.org/~nectar/ports/ninetd.shar
>   http://www.freebsd.org/~nectar/ports/ninetd.tar.gz
>
> (the modified inetd gets installed in /usr/local/sbin,
> and gets its config from /usr/local/etc/inetd.conf, so
> it shouldn't be too intrusive)
>
> I also came across a patch that implements the binding
> in a different manner: see PR bin/2387.
>
> I'd like comments.
>
> Jacques Vidrine <n@nectar.com>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message

--
Greg A. Woods

+1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>