Great Circle Associates Firewalls
(February 1994)
 


Subject: Re: Gopher server on a unix host
From: alastair @ cadence . com (Alastair Young)
Date: Tue, 8 Feb 1994 16:52:54 -0800
To: firewalls @ greatcircle . com

>I have heard great fear regarding running gopher service on a bastion host.
>The general tone of these concerns is that gopher is *too* willing to go
>do things "fer" its clients.
>
>Does anyone have a recipe for configuring gopher so that it does not open
>a gaping hole in a security perimeter?
>For example, is it sufficient to control what directories it reaches (a la FTP)
>and replace its popen() with one that parses for and precludes ";" and similar
>tricks?

Place the gopher server outside your packet filter/bastion host.

Use the TIS netacl to chroot the rodent before it executes.

Al

---------------------------------------------------------------------------
Alastair Young                                     _               Ariel NH
Cadence Design Systems, Information Services     )/___     _     Red Hunter
555 River Oaks Parkway, 4B1                    __/(___)_*##/c 
San Jose CA 95134         Fax: (408)894-3487  / /\\|| \ /  \ Brakes'n'lites
alastair @ cadence . com           (408)428-5278  \__/ ----'\__/  novel eh?
---------------------------------------------------------------------------
These statements and opinions are mine, not those of Cadence Design Systems
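
A sketch of the netacl arrangement suggested in the reply above, added here as an example and not taken from the original message or from the toolkit's distribution. The install paths, the chroot directory /home/gopher and the service label gopherd are assumptions, gopherd's own arguments are left out, and the rule syntax should be checked against the netacl manual page of the installed TIS Firewall Toolkit.

```conf
# /etc/inetd.conf (constructed line): inetd hands the gopher port to netacl,
# not to gopherd directly. The last field is the name netacl looks up
# in netperm-table (as "netacl-<name>").
gopher  stream  tcp  nowait  root  /usr/local/etc/netacl  gopherd

# /usr/local/etc/netperm-table (constructed rules)

# Unconfined: gopherd starts with the whole filesystem in view.
#netacl-gopherd: permit-hosts * -exec /usr/local/etc/gopherd

# Confined: netacl chroots to /home/gopher before it executes the server,
# so the -exec path is resolved inside the new root and the binary, plus
# anything it needs at run time, must be installed under /home/gopher.
netacl-gopherd: permit-hosts * -chroot /home/gopher -exec /bin/gopherd
```

Keep the tree under the chroot directory as small as possible: anything placed there is reachable by whatever the server can be talked into running.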

