Date: Wed, 24 Jan 96 10:28:44 -0800
From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca>
To: Nathan Lawson <nlawson@statler.csc.calpoly.edu>
Cc: jseng@stf.org.sg (James Seng), security@freebsd.org
Subject: Re: Ownership of files/tcp_wrappers port
Message-ID: <199601241828.KAA13149@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Wed, 24 Jan 96 02:12:18 PST." <199601241012.CAA11879@statler.csc.calpoly.edu>
Nathan Lawson <nlawson@statler.csc.calpoly.edu> wrote:
> > On Tue, 23 Jan 1996, Nathan Lawson wrote:
> > Before we get over paranoid over security, let us remember that the
> > primary aim of a base distribution is to provide a dynamic system, of
> > course minus the security bugs.
>
> Well, then FreeBSD has failed. See the recent telnetd environment bug for
> an example of this. If you had wrapped telnetd and only allowed connects
> from certain sites, you could have limited the scope of this vulnerability.

In that case so have Sun, IBM, DEC, and HP, to name a few, failed. Bugs are the
nature of the beast. Though TCPD is a good product, configuration is at the
heart of the issue. For example, I like to use the auth facility for logging
TCPD logs, not the mail facility. Even when I ran Linux I had to recompile TCPD,
for the reason I stated above and because Slackware had an older copy of TCPD.

Ports is where TCPD belongs. It doesn't take much to extract TCPD, reconfigure
it and do a make install.

As far as converting inetd.conf to use TCPD, here is an awk script I use on the
Sun and DEC boxes I manage at work. This could be incorporated in the port to
make the job of installing TCPD much easier.
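
#!/usr/bin/awk -f
# Server path under an sbin directory: comment out the old entry and
# hand tcpd the daemon name from argv[0] ($7).
$1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 ~ /sbin/ && $7 !~ /identd/ {
    print "## " $0
    print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $7 "\t" $8 " " $9
}
# Server path elsewhere: comment out the old entry and hand tcpd the
# full server path ($6) in place of argv[0].
$1 !~ /^#/ && $6 != "internal" && $6 !~ /tcpd/ && $6 !~ /sbin/ && $7 !~ /identd/ {
    print "## " $0
    print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 "\t/usr/local/etc/tcpd\t" $6 "\t" $8 " " $9
}
# Comment out internal services, except time.
$1 != "time" && $6 == "internal" {print "## " $0}
$1 == "time" {print $0}
# Pass through comments, entries already using tcpd, and identd.
$1 ~ /^#/ || $6 ~ /tcpd/ || $7 ~ /identd/ {print $0}
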
Regards, Phone: (604)389-3827
Cy Schubert OV/VM: BCSC02(CSCHUBER)
Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET
BC Systems Corp. Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."
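
Added example, not part of the original message: a shell/awk check to run after a conversion like the one above, listing which active inetd.conf entries still start their server without tcpd. The function names, the sample file contents and the treatment of identd as exempt (mirroring the script above) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message): audit an inetd.conf
# for active services that are not started through tcpd.

# Constructed sample input; paths and services are illustrative only.
sample_inetd_conf() {
    cat <<'EOF'
## telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
telnet stream tcp nowait root /usr/local/etc/tcpd in.telnetd
ftp    stream tcp nowait root /usr/local/etc/tcpd /usr/libexec/ftpd -l
shell  stream tcp nowait root /usr/sbin/in.rshd in.rshd
time   stream tcp nowait root internal
auth   stream tcp nowait nobody /usr/local/sbin/identd identd -l
EOF
}

# audit_inetd [FILE...]: one "service<TAB>status<TAB>server" line per
# active entry. Reads stdin when no file is given.
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # comment, blank or malformed line
        $6 == "internal"     { print $1 "\tinternal\t-"; next }
        $6 ~ /\/tcpd$/       { print $1 "\twrapped\t" $7; next }
        # Assumption: identd is left unwrapped, as in the script above.
        $7 ~ /identd/        { print $1 "\texempt\t" $6; next }
                             { print $1 "\tUNWRAPPED\t" $6 }
    ' "$@"
}

# count_unwrapped [FILE...]: number of active entries that bypass tcpd.
count_unwrapped() {
    audit_inetd "$@" |
        awk -F '\t' '$2 == "UNWRAPPED" { n++ } END { print n + 0 }'
}

# Report for the constructed sample.
sample_inetd_conf | audit_inetd
echo "unwrapped entries: $(sample_inetd_conf | count_unwrapped)"
```

On a real system, pass the path of the inetd.conf to `audit_inetd` or `count_unwrapped` in place of the piped sample.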
