
Re: /etc/hosts.deny

Hello Mario,

* Mario Vukelic wrote:

> On 08 Apr 2001 14:41:47 -0700, Tyrin Price wrote:
> > Here are some examples commented out  :-)
> > 
> > #:RPC: RPC based services
> > #mountd/1   dgram   rpc/udp wait    root    /usr/sbin/tcpd /usr/sbin/rpc.mountd
> > #rstatd/1-3 dgram   rpc/udp wait    root    /usr/sbin/tcpd /usr/sbin/rpc.rstatd
> > #rusersd/2-3    dgram   rpc/udp wait    root    /usr/sbin/tcpd /usr/sbin/rpc.rusersd
> > #walld/1    dgram   rpc/udp wait    root    /usr/sbin/tcpd /usr/sbin/rpc.rwalld
> Wow, thanks a lot!

I think this is interesting for you, too:
6.1 - Known wrapper limitations

Many UDP (and rpc/udp) daemons linger around for a while after they
have serviced a request, just in case another request comes in.  In the
inetd configuration file these daemons are registered with the `wait'
option. Only the request that started such a daemon will be seen by the
wrappers.  Such daemons are better protected with the securelib shared
library (see: Related software).

The wrappers do not work with RPC services over TCP. These services are
registered as rpc/tcp in the inetd configuration file. The only non-
trivial service that is affected by this limitation is rexd, which is
used by the on(1) command. This is no great loss.  On most systems,
rexd is less secure than a wildcard in /etc/hosts.equiv.




* A good website for linuxsoftware:    |      (o_      *
*       http://www.freshmeat.net       |      //\      *        
*           Linux rulez!    ;-)        |      V_/_     *
* GnuPG-Key: 0xBE21BD90 | Tux: #155220 | ICQ: 64035650 *
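Added example, not part of the original message or of the tcp_wrappers distribution: a small audit of inetd.conf that reports active entries started through tcpd where the limitations quoted above apply (UDP or rpc/udp services registered with `wait`, and rpc/tcp services). The sample configuration is constructed, and the function name audit_inetd is hypothetical.

```python
# Constructed sample inetd.conf (not from the original post). The mountd line
# mirrors the quoted example with the comment marker removed.
SAMPLE = """\
#:RPC: RPC based services
mountd/1   dgram   rpc/udp wait    root    /usr/sbin/tcpd /usr/sbin/rpc.mountd
#rstatd/1-3 dgram   rpc/udp wait    root    /usr/sbin/tcpd /usr/sbin/rpc.rstatd
rexd/1     stream  rpc/tcp wait    root    /usr/sbin/tcpd /usr/sbin/rpc.rexd
telnet     stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/in.telnetd
"""

WAIT_REASON = "wait: only the request that started the daemon is checked"
RPC_TCP_REASON = "rpc/tcp: wrappers do not work with this service type"


def audit_inetd(text):
    """Return (service, reason) pairs for active tcpd-wrapped entries whose
    access control is incomplete or absent per the limitations quoted above."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled entry
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        service, _socktype, proto, flag, _user, server = fields[:6]
        if server.rsplit("/", 1)[-1] != "tcpd":
            continue  # not started through the wrapper
        if proto == "rpc/tcp":
            findings.append((service, RPC_TCP_REASON))
        elif proto in ("udp", "rpc/udp") and flag.startswith("wait"):
            # startswith() tolerates a suffix on the flag; "nowait" does not match
            findings.append((service, WAIT_REASON))
    return findings


if __name__ == "__main__":
    for service, reason in audit_inetd(SAMPLE):
        print(f"{service}: {reason}")
```

Entries it reports still appear wrapped in the configuration, so hosts.allow and hosts.deny rules for them should not be relied on as the only access control.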
