[PROXYPER] Security of perproxy
First Spirit Sauron
sauron at angband.ee.ualberta.ca
Tue Sep 8 11:24:45 EDT 1998
On Mon, Sep 07, 1998 at 01:16:21PM -0500, Joe Zbiciak wrote:
> | is perproxy immune to buffer overflow kind of problems?
> I would imagine not. Without source code, an external source code
> audit is rather difficult.
As are customizing it for database hooks...
> | How do I know that?
> You don't know that. Therefore you should run the perproxy from an
> unprivileged userid.
Or run it in a chrooted hole. Which is probably a better idea.
> | And also, can I run perproxy from some tcp wrappers? (I don't think
> | so...)
> I believe that's correct, since it binds to the port directly and
> runs as a daemon, rather than being spawned by inetd.
If you are running linux, you can use ipchains (ipfwadm) to control access
Penguin Trivia #46:
Animals who are not penguins can only wish they were.
-- Chicago Reader 10/15/82
====-=-==== Jack (John) Cummings == cummings at nyquist.ee.ualberta.ca ====-=-====
========== for pgp public key --- finger the above address, and pray ==========
To unsubscribe, send 'unsubscribe proxyper' to majordomo at lists.distributed.net
More information about the proxyper