|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: tcpd -DPARANOID doesn't work, and never did
Wietse Venema (wietse
PORCUPINE.ORG)Wed, 11 Nov 1998 15:35:40 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Glynn Clements: "Re: Xinetd /tmp race?"
- Previous message: Aleph One: "Administrivia"
- In reply to: D. J. Bernstein: "Re: tcpd -DPARANOID doesn't work, and never did"
D. J. Bernstein:
> Wietse Venema, BLURB, log_tcp 3.0, comp.sources.misc volume 23:
>
> Optional features are: access control based on pattern matching, and
> protection against rsh and rlogin attacks from hosts that pretend to
> have someone elses host name.
Let's be reasonable.
The claim obviously was to protect against known rshd/rlogind
attacks, not against every attack anyone might ever conceive.
In the course of maintaining tcpd I learned new things, and built
that knowledge into the software so that other people would profit
from what I had learned. In the process I helped to make systems
less vulnerable to known attacks.
However, no software can give total protection against every attack,
known or yet to be discovered. If you read such a claim in my
writing, then I apologize for not being clear enough.
Wietse
PS: It's an interesting attack, but I still haven't seen your
analysis of the effects of NIS, NSCD, etc. cacheing.
- Next message: Glynn Clements: "Re: Xinetd /tmp race?"
- Previous message: Aleph One: "Administrivia"
- In reply to: D. J. Bernstein: "Re: tcpd -DPARANOID doesn't work, and never did"