Bugtraq mailing list archives

Re: tcpd -DPARANOID doesn't work, and never did


From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Wed, 11 Nov 1998 15:35:40 -0500


D. J. Bernstein:
Wietse Venema, BLURB, log_tcp 3.0, comp.sources.misc volume 23:

   Optional features are: access control based on pattern matching, and
   protection against rsh and rlogin attacks from hosts that pretend to
   have someone else's host name.

Let's be reasonable.

The claim obviously was to protect against known rshd/rlogind
attacks, not against every attack anyone might ever conceive.

In the course of maintaining tcpd I learned new things, and built
that knowledge into the software so that other people would profit
from what I had learned.  In the process I helped to make systems
less vulnerable to known attacks.

However, no software can give total protection against every attack,
known or yet to be discovered.  If you read such a claim in my
writing, then I apologize for not being clear enough.

        Wietse

PS: It's an interesting attack, but I still haven't seen your
analysis of the effects of NIS, NSCD, etc. caching.


