Gentoo Archives: gentoo-security

From: "Łukasz C. Jokiel" <Lukasz.Jokiel@××××××××××.pl>
To: gentoo-security <gentoo-security@l.g.o>
Subject: RE: [gentoo-security] hosts.{allow,deny} vs. iptables.
Date: Thu, 13 Oct 2005 19:25:07
In Reply to: RE: [gentoo-security] hosts.{allow,deny} vs. iptables. by Giles Coochey
10/13/2005, "Giles Coochey" <giles.coochey@××××××××××××××××.com>

>Iptables is nice because it is at kernel level, if someone were to try
>to hack it so that your Iptables commands were ignored then they would
>need to be able to reboot the box, something that you would probably

Do I understand correctly that you claim that to undo the iptables you need to reboot the box? Or maybe you claim something that you assume but do not tell (non-vanilla hardened system)?

>notice in a managed environment.
>
>Tcpd runs in userspace, so given root access is a lot easier to
>compromise the executable.

I don't get your point... If you give me root access - what's the difference in r00ting the box via fake iptables or tcpd? Anyway, comparing iptables with tcpd is rather useless, they seem to perform the same job but they fight on different fronts.

>
>NOTICE: This e-mail message and all attachments
>transmitted with it may contain legally privileged and
>confidential information intended solely for the use of
>the addressee. If the reader of this message is not the

Well, pretty much anybody can subscribe to this list.

>intended recipient, you are hereby notified that any
>reading, dissemination, distribution, copying, or other
>use of this message or its attachments, hyperlinks, or
>any other files of any kind is strictly prohibited. If you
>have received this message in error, please notify the
>sender immediately by telephone (+44-1865-265500) or by
>a reply to this electronic mail message and delete this
>message and all copies and backups thereof.

And how can you enforce that? Excuse me but I think such notices are a complete waste of space & time, while attached to a public mailing list. Please do not attach them, thank you!

--
gentoo-security@g.o mailing list

