From owner-freebsd-security Mon Jul 27 13:16:59 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA29001 for freebsd-security-outgoing; Mon, 27 Jul 1998 13:16:59 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (root@COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA28919 for ; Mon, 27 Jul 1998 13:16:30 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id QAA10023 for ; Mon, 27 Jul 1998 16:15:59 -0400 (EDT) Date: Mon, 27 Jul 1998 16:15:59 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: freebsd-security@FreeBSD.ORG Subject: inetd enhancements (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This seems like security to me -- the binding issue is especially relevant to firewall hosts (multi-homed). Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ ---------- Forwarded message ---------- Date: Mon, 27 Jul 1998 12:19:56 -0500 From: Jacques Vidrine To: hackers@FreeBSD.ORG Subject: inetd enhancements -----BEGIN PGP SIGNED MESSAGE----- Hi, I'd like to add some functionality to inetd. The two features needed are: * binding selected services to a particular interface * chroot'ing before exec'ing the service I've implemented these features as a port that modifies the stock inetd source: http://www.freebsd.org/~nectar/ports/ninetd.shar http://www.freebsd.org/~nectar/ports/ninetd.tar.gz (the modified inetd gets installed in /usr/local/sbin, and gets its config from /usr/local/etc/inetd.conf, so it shouldn't be too intrusive) I also came across a patch that implements the binding in a different manner: see PR bin/2387. I'd like comments. Jacques Vidrine -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNby2vDeRhT8JRySpAQEzYQQAyWBRkv1lhYxrnT3GUeVSTh1CcUesQdXT nDvIIjO5AlQHXQodH241WZBED3v2fcnjmf5hc5msg3E4H5yx059T7TexG9pHeIXT EiUQe/ZqG6LP2Cs4rN3kGmPIsp1442byE3MmeaNO80VSmhv0olx6r5KV0YR4qVqo FyPgUDxwWcM= =S1bV -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message