Hi there!
I have looked through tons of docs by now, checked a lot of packages,
etc. etc., and found many inconsistencies (I think) in the Linux
world as a whole and in RedHat as a part of it.
Here is only one example:
The good old inetd daemon has its "good" old disadvantages,
some of which are avoided by tcp_wrappers for now. But some are
not. They come from security considerations.
The excellent book by Kurt Seifried (http://www.seifried.org/lasg)
says a lot about security and recommends using firewalling
rules to block packets from the outside world for services run
from inetd. This is a bit hard on the kernel (as Kurt said, and
I agree with him). But is it better to enhance inetd to,
for example, bind not to *.telnet but, say, localnet.telnet?
And to do most of the things that tcp_wrappers does? This will solve
the other part of the problems, which are missed in the wrappers solution.
For example, instead of having
telnet stream tcp ...
we can have
telnet:localnet stream tcp ...
or something like that.
So the question is -- what is the "right thing" to do? Why use a workaround
like wrappers and not patch inetd? And where should such a question
go?
Regards,
Michael.
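
The difference the message describes between a wildcard listener with a wrapper-style check and a listener bound to one address, as an added example that is not part of the original message or of inetd. It assumes Linux, where every 127.0.0.0/8 address is local: 127.0.0.1 stands in for "localnet" and 127.0.0.2 for an outside-facing address and client (constructed values).

```python
import socket

LOCALNET_ADDR = "127.0.0.1"  # assumption: stands in for the host's localnet address
OUTSIDE_ADDR = "127.0.0.2"   # assumption: stands in for an outside-facing address/client

def listen(bind_addr):
    """Open a listener on an ephemeral port, as inetd does for one service line."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    srv.settimeout(2)
    return srv

def handshake_completes(addr, port):
    """Connect from addr to addr:port; False means the kernel refused the connection."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    c.settimeout(2)
    try:
        c.bind((addr, 0))
        c.connect((addr, port))
        return True
    except ConnectionRefusedError:
        return False
    finally:
        c.close()

def wrapper_allows(srv, allowed_client):
    """Wrapper-style check: the peer is examined only after the connection is accepted."""
    conn, peer = srv.accept()
    conn.close()
    return peer[0] == allowed_client

def demo():
    out = {}
    wild = listen("0.0.0.0")              # like "telnet stream tcp ..."
    port = wild.getsockname()[1]
    out["wildcard_handshake"] = handshake_completes(OUTSIDE_ADDR, port)
    out["wrapper_allows"] = wrapper_allows(wild, LOCALNET_ADDR)
    wild.close()
    bound = listen(LOCALNET_ADDR)         # like the proposed "telnet:localnet stream tcp ..."
    port = bound.getsockname()[1]
    out["bound_outside_handshake"] = handshake_completes(OUTSIDE_ADDR, port)
    out["bound_local_handshake"] = handshake_completes(LOCALNET_ADDR, port)
    bound.close()
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the wildcard listener the TCP handshake finishes before the wrapper-style check rejects the peer; with the bound listener the kernel refuses the outside-facing address and no user-space code runs for it.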