Date: Wed, 24 Jan 96 10:28:44 -0800
From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca>
To: Nathan Lawson <nlawson@statler.csc.calpoly.edu>
Cc: jseng@stf.org.sg (James Seng), security@freebsd.org
Subject: Re: Ownership of files/tcp_wrappers port
Message-ID: <199601241828.KAA13149@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Wed, 24 Jan 96 02:12:18 PST." <199601241012.CAA11879@statler.csc.calpoly.edu>

Nathan Lawson <nlawson@statler.csc.calpoly.edu> wrote:
> > On Tue, 23 Jan 1996, Nathan Lawson wrote:
> > Before we get over paranoid over security, let us remember that the
> > primary aim of a base distribution is to provide a dynamic system, of
> > course minus the security bugs.
>
> Well, then FreeBSD has failed.  See the recent telnetd environment bug for
> an example of this.  If you had wrapped telnetd and only allowed connects
> from certain sites, you could have limited the scope of this vulnerability.

In that case so have Sun, IBM, DEC, and HP, to name a few, failed.  Bugs are
the nature of the beast.

Though TCPD is a good product, configuration is at the heart of the issue.
For example, I like to use the auth facility for logging TCPD logs, not the
mail facility.  Even when I ran Linux I had to recompile TCPD, for the reason
I stated above and because Slackware had an older copy of TCPD.

Ports is where TCPD belongs.  It doesn't take much to extract TCPD,
reconfigure it and do a make install.

As far as converting inetd.conf to use TCPD, here is an awk script I use on
the Sun and DEC boxes I manage at work.  This could be incorporated in the
port to make the job of installing TCPD much easier.

#!/usr/bin/awk -f
# Server under an sbin directory: comment out the entry, then wrap it, handing tcpd the daemon name ($7).
$1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 ~ /sbin/ && $7 !~ /identd/ {print "## " $0; print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $7 "\t" $8 " " $9}
# Server elsewhere: same, but hand tcpd the full path ($6). NF > 0 keeps blank lines out of this rule.
$1 !~ /^#/ && NF > 0 && $6 != "internal" && $6 !~ /tcpd/ && $6 !~ /sbin/ && $7 !~ /identd/ {print "## " $0; print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $6 "\t" $8 " " $9}
# Active internal services other than "time" are commented out.
$1 !~ /^#/ && $1 != "time" && $6 == "internal" {print "## " $0}
# "time" is kept as is.
$1 == "time" {print $0}
# Comments, blank lines, already wrapped entries and identd pass through unchanged.
NF == 0 || $1 ~ /^#/ || $6 ~ /tcpd/ || $7 ~ /identd/ {print $0}

Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
BC Systems Corp.            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

                "Quit spooling around, JES do it."
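
A check to run after a conversion like the one described in the message above, as an added example that is not part of the original e-mail: it lists the inetd.conf entries that are still started without tcpd. The default tcpd path is the one used in the message; the function names, the TCPD_PATH variable and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for services not started through tcpd.
# TCPD_PATH is an assumed variable name; its default is the path from the message.
TCPD_PATH="${TCPD_PATH:-/usr/local/etc/tcpd}"

# Print "service<TAB>protocol<TAB>server" for every active, non-internal
# entry whose server program (field 6) is not exactly the tcpd binary.
# Reads the files given as arguments, or standard input when there are none.
unwrapped_services() {
    awk -v tcpd="$TCPD_PATH" '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        NF < 6               { next }   # short or malformed entries
        $6 == "internal"     { next }   # built-in services exec no daemon
        $6 == tcpd           { next }   # already wrapped
        { print $1 "\t" $3 "\t" $6 }
    ' "$@"
}

# Constructed sample input, not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/local/etc/tcpd   ftpd -l
telnet  stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
time    stream  tcp  nowait  root    internal

## shell stream tcp  nowait  root    /usr/libexec/rshd     rshd
finger  stream  tcp  nowait  nobody  /usr/libexec/fingerd  fingerd -s
EOF
}

# Demonstration on the constructed sample: reports telnet and finger.
sample_inetd_conf | unwrapped_services
```

The comparison against the tcpd path is exact rather than a substring match, so a server that merely has "tcpd" somewhere in its path is still reported.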