CrossNodes: tcpserver: Secure, Flexible Daemon Management
Nov 26, 2002, 01:00 (9 Talkback[s])
(Other stories by Carla Schroder)
"If you're still running inetd, it's time to move on. Either
xinetd or tcpserver offers superior security and control. We're
going to look at tcpserver. Note that there is one limitation: it
manages only TCP. If you're using UDP or RPC services, tcpserver
alone will not do the job. In that case, xinetd is the way to
go.
"tcpserver is part of the ucspi-tcp suite of tools by none other
than the famous, and infamous, Daniel J. Bernstein. Professor
Bernstein seems to inspire strong passions in the tech community;
some refuse to use his software because they do not like the
author. Other objections are that his programs install themselves
in non-standard file locations, and that he keeps too tight a grip
on the code. Personality issues aside, I find that his programs are
lean, fast, secure, and worthy on their own merits. A special item
of note is that Professor Bernstein led the suit against the United
States Government over export controls on encryption software,
and won.
"DJB's security model is based on a zero-trust premise. His
programs don't even trust themselves: each function is isolated
from other parts of the program. They run in user accounts with
restricted rights; services that require root access are as
restricted and limited as possible. Any successful intrusion will
be severely limited, if an intruder can get in at all..."
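To make the model the excerpt describes concrete, here is an added illustration in Python; it is my own code, not part of Carla Schroder's article and not code from ucspi-tcp. It mimics what tcpserver does: bind the listening socket while still privileged, drop to an unprivileged uid/gid before the first accept, then fork one handler per connection with the socket on file descriptors 0 and 1 and a UCSPI environment. The five environment names (PROTO, TCPLOCALIP, TCPLOCALPORT, TCPREMOTEIP, TCPREMOTEPORT) are ones tcpserver really sets; the port, the uid/gid pair and the handler program are assumptions supplied on the command line, and the script does no access control (tcpserver's -x rules are not reproduced).

```python
#!/usr/bin/env python3
"""tcpserver-style launcher: bind, drop root, then fork a handler per connection.

Added illustration, not code from ucspi-tcp. Assumed inputs: a listening port,
numeric uid/gid to drop to, and a handler argv that reads fd 0 and writes fd 1.
"""
import os
import socket
import sys


def ucspi_env(conn):
    """Environment a UCSPI-TCP handler sees. These five names are ones tcpserver
    sets (it sets a few more, such as TCPLOCALHOST, not reproduced here)."""
    local_ip, local_port = conn.getsockname()[:2]
    remote_ip, remote_port = conn.getpeername()[:2]
    return {
        "PROTO": "TCP",
        "TCPLOCALIP": local_ip,
        "TCPLOCALPORT": str(local_port),
        "TCPREMOTEIP": remote_ip,
        "TCPREMOTEPORT": str(remote_port),
    }


def drop_privileges(uid, gid):
    """Give up root for good: supplementary groups first (only root can do it),
    then the primary group, then the user. Finally prove that the drop stuck."""
    os.setgroups([gid])
    os.setgid(gid)
    os.setuid(uid)
    if os.getuid() != uid or os.getgid() != gid:
        raise RuntimeError("uid/gid did not change")
    if uid != 0:
        try:
            os.setuid(0)
        except PermissionError:
            return  # expected: root is gone and cannot be regained
        raise RuntimeError("root regained after drop; refusing to serve")


def handle_connection(conn, argv):
    """Fork; the child gets the socket as fd 0 and fd 1 and execs argv with the
    UCSPI environment. The parent closes its copy and returns the child's pid."""
    pid = os.fork()
    if pid == 0:
        try:
            env = dict(os.environ)
            env.update(ucspi_env(conn))
            os.dup2(conn.fileno(), 0)   # dup2 results are inheritable across exec
            os.dup2(conn.fileno(), 1)
            conn.close()                # the original (non-inheritable) fd is not needed
            os.execvpe(argv[0], argv, env)
        except BaseException:
            pass
        os._exit(111)                   # exec failed; never return into the parent's code
    conn.close()
    return pid


def reap_children():
    """Collect exited handlers without blocking the accept loop."""
    while True:
        try:
            pid, _ = os.waitpid(-1, os.WNOHANG)
        except ChildProcessError:
            return
        if pid == 0:
            return


def serve(port, uid, gid, argv):
    """Bind while privileged, drop privileges, then accept forever."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("0.0.0.0", port))    # root is needed only for ports below 1024
    listener.listen(20)
    drop_privileges(uid, gid)           # like tcpserver -u/-g: after bind, before accept
    while True:
        conn, _ = listener.accept()
        handle_connection(conn, argv)
        reap_children()


if __name__ == "__main__":
    if len(sys.argv) < 5:
        sys.exit("usage: launcher.py PORT UID GID PROGRAM [ARGS...]")
    serve(int(sys.argv[1]), int(sys.argv[2]), int(sys.argv[3]), sys.argv[4:])
```

The order inside drop_privileges matters: supplementary groups must be cleared while the process is still root, and the uid is changed last, since setuid to a non-root user removes the ability to change anything else. The final attempt to setuid(0) is the check a practitioner wants: if it succeeds, the drop was only partial and the server refuses to start.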