
Re: tcpd with xinetd



-> > A few years ago I patched tcpd to cooperate with xinetd; the patch is on
-> > ftp://ftp.tuke.sk/pub/unix/security/tcpd_xinetd.patch
-> > 
-> > The problem is xinetd doesn't allow defining argv[0], thus tcpd would call
-> > itself; this patch increases argv if argv[0] equals "tcpd", "in.tcpd"
-> > or "in.frontd" (defined in Makefile).
-> > 
-> > This allows joining the advantages of xinetd and tcpd; better checks etc.
-> > I'd like to make a patch to xinetd which would join it more closely - xinetd
-> > could call hosts_access() from libwrap; I've heard some FreeBSD developers
-> > are doing that.
-> > 
-> > Could anyone comment on this? Or probably make a new xinetd package with this
-> > patch included?
-> 
-> Why would you want to do this? Xinetd already has access control based on
-> ip address, host name and time of day. What features of tcpd are you
-> missing in xinetd?

Many features; you probably don't know all the features of tcpd and some limits
of xinetd when you're asking this (sorry).

1. tcpd has all configuration in one or two files and can be used together
with many programs

2. for example you cannot allow/deny .domain.tld in xinetd

3. you can selectively allow/deny domains, subdomains and hosts with tcpd

all:deny
domain:allow
subdomain.domain:deny
host.subdomain.domain:allow

etc.

4. read manual page for hosts_options

Of course some features would be redundant, but I still think joining tcpd and
xinetd would be great.

-- 
 Matus "fantomas" Uhlar, sysadmin at NETLAB+ Kosice, Slovakia
 BIC coord for *.sk; admin of netlab.irc.sk; co-admin of irc.felk.cvut.cz
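
Point 3's layered allow/deny policy, as an added example that is not part of the original message or of tcpd's code: a simplified Python model of the first-match rule search documented in hosts_access(5). The host names under domain.tld are constructed, and only the ALL, leading-dot domain and exact-host client patterns are modelled.

```python
# Added illustration: simplified model of a first-match access rule search.
# Assumption: rules are read top to bottom and the first matching client
# pattern decides, so the most specific entries must be listed first.


def matches(pattern, host):
    """Return True if a hosts_access-style client pattern matches host."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):
        # Leading dot: matches hosts whose name ends with the pattern,
        # e.g. ".domain.tld" matches "www.domain.tld" but not "domain.tld".
        return host.endswith(pattern)
    return host == pattern


def decide(rules, host, default="allow"):
    """Return the verdict of the first rule matching host.

    The default of "allow" models the documented behaviour that access is
    granted when no rule matches at all.
    """
    for pattern, verdict in rules:
        if matches(pattern, host):
            return verdict
    return default


# Constructed policy mirroring the four layers in the message,
# ordered most specific first so that each exception is reached.
POLICY = [
    ("host.subdomain.domain.tld", "allow"),
    (".subdomain.domain.tld", "deny"),
    (".domain.tld", "allow"),
    ("ALL", "deny"),
]

# The same rules in general-to-specific order: the catch-all entry
# shadows every exception below it.
GENERAL_FIRST = list(reversed(POLICY))

if __name__ == "__main__":
    for name in ("host.subdomain.domain.tld", "other.subdomain.domain.tld",
                 "www.domain.tld", "example.org"):
        print(name, decide(POLICY, name), decide(GENERAL_FIRST, name))
```

Listing the catch-all rule first denies every client, which is why rule order needs review whenever such a layered policy is written down.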

