Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Jul 1998 11:20:30 +0200
From:      "IBS / Andre Oppermann" <andre@pipeline.ch>
To:        Brett Glass <brett@lariat.org>
Cc:        "Jan B. Koum" <jkb@best.com>, chat@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: FreeBSD Security How-To (Was: QPopper exploit)
Message-ID:  <35BD97DE.2E242C6E@pipeline.ch>
References:  <199807272300.RAA00688@lariat.lariat.org> <199807272354.RAA01585@lariat.lariat.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote:
-snip-
> I do think that the section on eliminating inetd needs some fleshing out,
> though. Some servers, such as all of the POP3 daemons I've tried, don't
> seem to admit themselves to being run except from inetd. Also, the section
> should discuss the dangers of having a server die without any automatic
> means to resuscitate it. For example, the docs for identd warn against
> running it without inetd, since if it quits it will not be restarted.
> Perhaps a utility that checks for the presence of servers and restarts them
> if they've died could be developed as part of this effort and perhaps added
> to the FreeBSD distribution.

There's a nice tool called tcpserver avail from DJB (we all love his
coding style): ftp://koobera.math.uic.edu/www/ucspi-tcp.html

The description:
# tcpclient and tcpserver are easy-to-use command-line tools for
building
# TCP client-server applications. tcpclient makes a TCP connection and
# runs a program of your choice. tcpserver waits for incoming
connections
# and, for each connection, runs a program of your choice. Your program
# receives environment variables showing the local and remote host
names,
# IP addresses, and port numbers. 
# 
# tcpserver offers a concurrency limit to protect you from running out
# of processes and memory. When you are handling 40 (by default)
# simultaneous connections, tcpserver smoothly defers acceptance of
# new connections. 
# 
# tcpserver also provides TCP access control features, similar to
# tcp-wrappers/tcpd's hosts.allow but much faster. Its access control
# rules are compiled into a hashed format with cdb, so it can easily
# deal with thousands of different hosts. 
# 
# tcpclient and tcpserver conform to UCSPI, the UNIX Client-Server
# Program Interface, using the TCP protocol. UCSPI tools are available
# for several different networks.

-- 
Andre Oppermann

CEO / Geschaeftsfuehrer
Internet Business Solutions Ltd. (AG)
Hardstrasse 235, 8005 Zurich, Switzerland
Fon +41 1 277 75 75 / Fax +41 1 277 75 77
http://www.pipeline.ch    ibs@pipeline.ch

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35BD97DE.2E242C6E>