[8505] in bugtraq
Re: tcpd -DPARANOID doesn't work, and never did
daemon@ATHENA.MIT.EDU (Wietse Venema)
Wed Nov 11 15:54:00 1998
Date: Wed, 11 Nov 1998 15:35:40 -0500
Reply-To: Wietse Venema <wietse@PORCUPINE.ORG>
From: Wietse Venema <wietse@PORCUPINE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981110231911.22413.qmail@cr.yp.to> from "D. J. Bernstein" at
"Nov 10, 98 11:19:11 pm"
D. J. Bernstein:
> Wietse Venema, BLURB, log_tcp 3.0, comp.sources.misc volume 23:
>
> Optional features are: access control based on pattern matching, and
> protection against rsh and rlogin attacks from hosts that pretend to
> have someone else's host name.

Let's be reasonable.

The claim obviously was to protect against known rshd/rlogind
attacks, not against every attack anyone might ever conceive.

In the course of maintaining tcpd I learned new things, and built
that knowledge into the software so that other people would profit
from what I had learned. In the process I helped to make systems
less vulnerable to known attacks.

However, no software can give total protection against every attack,
known or yet to be discovered. If you read such a claim in my
writing, then I apologize for not being clear enough.

Wietse

PS: It's an interesting attack, but I still haven't seen your
analysis of the effects of NIS, NSCD, etc. caching.