Re: tcpd -DPARANOID doesn't work, and never did

From: Wietse Venema (wietseat_private)
Date: Wed Nov 11 1998 - 12:35:40 PST


    D. J. Bernstein:
    > Wietse Venema, BLURB, log_tcp 3.0, comp.sources.misc volume 23:
    >
    >    Optional features are: access control based on pattern matching, and
    >    protection against rsh and rlogin attacks from hosts that pretend to
    >    have someone else's host name.
    
    Let's be reasonable.
    
    The claim obviously was to protect against known rshd/rlogind
    attacks, not against every attack anyone might ever conceive.
    
    In the course of maintaining tcpd I learned new things, and built
    that knowledge into the software so that other people would profit
    from what I had learned.  In the process I helped to make systems
    less vulnerable to known attacks.
    
    However, no software can give total protection against every attack,
    known or yet to be discovered.  If you read such a claim in my
    writing, then I apologize for not being clear enough.
    
            Wietse
    
    PS: It's an interesting attack, but I still haven't seen your
    analysis of the effects of NIS, NSCD, etc. caching.
    


