[PROXYPER] Security of perproxy

First Spirit Sauron sauron at angband.ee.ualberta.ca
Tue Sep 8 11:24:45 EDT 1998


On Mon, Sep 07, 1998 at 01:16:21PM -0500, Joe Zbiciak wrote:

> | is perproxy immune to buffer overflow kind of problems? 

> I would imagine not.  Without source code, an external source code
> audit is rather difficult.

As are customizing it for database hooks...

> | How do I know that?

> You don't know that.  Therefore you should run the perproxy from an 
> unprivileged userid.

Or run it in a chrooted hole. Which is probably a better idea. 

> | And also, can I run perproxy from some tcp wrappers? (I don't think 
> | so...)

> I believe that's correct, since it binds to the port directly and
> runs as a daemon, rather than being spawned by inetd.

If you are running linux, you can use ipchains (ipfwadm) to control access
to it. 

--Jack

Penguin Trivia #46:
	Animals who are not penguins can only wish they were.
		-- Chicago Reader 10/15/82
====-=-==== Jack (John) Cummings == cummings at nyquist.ee.ualberta.ca ====-=-====
========== for pgp public key --- finger the above address, and pray ==========

--
To unsubscribe, send 'unsubscribe proxyper' to majordomo at lists.distributed.net



More information about the proxyper mailing list