On Wed, 18 Nov 1998, Cary B. O'Brien wrote:
> I'd have to agree with Eric about the TCP/IP connection for diald
> control. This would worry me. On the boxes we send out all IP
> services are shut down except those that are absolutely required.
> I hope this thing is going to be optional, otherwise I'll have
> to rip it out.
Of course it's optional :-). If you don't tell it what port
to listen on it won't listen. If you do tell it to listen it
will check all connections using tcpwrappers. (I suspect it
should take an IP address to bind to as well so you could
choose to completely ignore anything but the chosen, local,
interface. Otherwise there could be denial of service attacks
possible. But you could use input firewalling to give the
same, or more fine-grained, protection so it probably isn't
worth it.)
> I'd rather see an optional daemon started from inetd to do the
> external control. That way the diald code doesn't have to have the
> extra security stuff, or the socket stuff for that matter. Just let
> inetd[1] handle accepting the connection and tcpd (tcp-wrappers)
> handle access control. Heck, this can be done with a shell script,
> like the connect script for incoming ppp connections.
Yeah... Then each TCP monitor connection forks an extra daemon
to route between a fifo and the TCP connection. Then every
second (at least) you have a context switching orgy :-).
Mike
--
.----------------------------------------------------------------------.
| Mike Jagdis | Internet: [EMAIL PROTECTED] |
| 280, Silverdale Road, Earley, | Voice: +44 118 926 6996 |
| Reading RG6 7NU ENGLAND | Work: +44 118 989 0403 |
`----------------------------------------------------------------------'