Subject: Re: echo-like replacement for telnetd
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
From: Andy R <quadreverb@yahoo.com>
List: netbsd-help
Date: 09/18/2002 15:58:24
--- Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:
> On 2002-09-18 10:04, Andy R <quadreverb@yahoo.com> wrote:
> > I had a FreeBSD machine I had to do something similar with, so I
> > just tried compiling a C program that was a bunch of printf's,
> > changed the line in inetd to point to this program instead of the
> > real telnetd, and it works fine. Prints out information, then exits.
> > Windows telnet clients don't display it right though, it wraps. Real
> > telnet clients work fine.
> >
> > Maybe someone can tell me if this is secure?
>
> No.  At least, not without seeing the source.
>
> But you went and put yourself into a lot of trouble to reimplement
> something that is already there, as a feature.  Try adding the
> following to your hosts.allow file:
>
> 	telnet : 127.0.0.1 : allow
> 	telnet : ALL \
> 		: severity auth.info \
> 		: twist /bin/echo "You are not welcome to use %d from %h."
>
> The libwrap support of inetd(8) will take care of the rest :-)

You learn something new every day... I had searched
high and low for information like this but never found
it. I finally decided to just make a program of all
printf's (don't see how it could be a security
exposure) and just pointed the telnet line in inetd at
it. Wish I knew how to find out what you just told me
above back then. This stuff isn't always easy... (It
isn't even sometimes easy for me!)

Andy
