[Eug-lug] Wrapping for Access Control
Jeff_W
beaker at freeshell.org
Sat Jan 22 23:30:00 PST 2005
nparker at LLX.COM (Neil Parker) wrote:
> >I don't understand TCP wrappers, but from Bob's comment I'd guess the
> >wrapper is listening to port:70(?)
>
> Actually, TCP wrappers doesn't listen on ANY port.
>
> Understanding TCP wrappers requires understanding how inetd works.
> Inetd reads a configuration file (/etc/inetd.conf) that tells it what
> ports to listen on, and what client programs to invoke when something tries
> to connect to those ports. Inetd handles all the socket programming itself,
> and when it launches a client program to handle an incoming request, it
> connects the program's standard input and output to the socket. So all the
> client program has to do is read from its standard input and write to its
> standard output.
>
> TCP wrappers includes a special client program called "tcpd". The idea is
> that you tell inetd (via /etc/inetd.conf) to launch tcpd instead of the
> real client program. Tcpd checks the origin of the connection using its
> hosts.allow and hosts.deny files, and if the tests pass, it launches the
> real client program.
>
>
> Programs that don't expect to run under inetd have to do all their socket
> handling all by themselves. Fixing a standalone program to work under
> inetd generally means ripping out all that socket handling code and
> replacing it with code that just reads from standard input and writes to
> standard output.
Hey Neil - thanks for the concise inetd explanation. I
don't really care about using inetd so much as having the
host access control provided by TCP Wrappers; it just seems
that TCPW is married to inetd (with the exception of sshd
and maybe sendmail). I think ultimately I'm going to need
to rely on a firewall to get real security, however the
simplicity of TCP Wrappers _is_ very attractive. I've
installed the tcpserver stuff but it looks pretty cryptic
so far; maybe if I just stare at it long enough ....
-Jeff
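The inetd/tcpd model Neil describes, as an added example that is not code from TCP Wrappers or from anyone on the list: a constructed Python wrapper that inetd would launch with the accepted socket on fd 0, that checks the peer address against a simplified hosts.allow/hosts.deny (only ALL, exact addresses and dotted prefixes; the real tcpd syntax is much richer), and that exec()s the real service only if the check passes. Paths and the daemon name are assumptions for the example.

```python
# Constructed tcpd-style wrapper (not the real tcpd): inetd starts it with the
# accepted socket on fd 0/1; it checks a hosts.allow/hosts.deny subset
# ("daemon: client, client"; client = ALL, exact address, or prefix like "10.0.").
import os
import socket
import sys

def parse_rules(text):
    """Return [(daemon, [client patterns])] from a hosts.allow/deny body."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments and blanks
        if ":" not in line:
            continue
        daemon, clients = line.split(":", 1)
        rules.append((daemon.strip(), [c.strip() for c in clients.split(",") if c.strip()]))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                       # network prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    return addr == pattern

def access_allowed(daemon, addr, allow_text, deny_text):
    """tcpd search order: hosts.allow first, then hosts.deny, else allow."""
    for d, clients in parse_rules(allow_text):
        if d in ("ALL", daemon) and any(client_matches(c, addr) for c in clients):
            return True
    for d, clients in parse_rules(deny_text):
        if d in ("ALL", daemon) and any(client_matches(c, addr) for c in clients):
            return False
    return True

def read_or_empty(path):                            # a missing file means no rules
    return open(path).read() if os.path.exists(path) else ""

if __name__ == "__main__":
    real_prog = sys.argv[1]                         # e.g. /usr/sbin/in.fingerd (assumed)
    sock = socket.socket(fileno=0)                  # inetd put the socket on fd 0
    peer = sock.getpeername()[0]
    sock.detach()                                   # keep fd 0 open for the service
    if not access_allowed(os.path.basename(real_prog), peer,
                          read_or_empty("/etc/hosts.allow"),
                          read_or_empty("/etc/hosts.deny")):
        sys.exit("refused connect from %s" % peer)  # message goes to stderr, exit 1
    os.execv(real_prog, sys.argv[1:])               # hand the socket to the real program
```

Run as `wrapper.py /usr/sbin/in.fingerd in.fingerd` from an inetd.conf line; the real service never sees a connection the rules reject.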