InetD and ports and security

Would it be wrong for an application to use ports in inetd for security purposes?
Anthony LuciaAsked:
Who is Participating?
 
woolmilkporcConnect With a Mentor Commented:
inetd is definitely designed for starting applications automatically whenever a request is made.

This is mainly used for 24/7 applications like an FTP server, telnet/remote shell access or special things like the "bootp" server, IMAP or POP servers or also the Samba server, including its configuration tool SWAT.

Of course it is true that when full control over an application's availability (which is not always closely related to security!) is desired then putting it under control of inetd is not very practical.
Sure you could manipulate inetd.conf (remove or add the concerned port entry) and restart inetd, but then you could also take the application permanently out of inetd to start/stop it manually.

Thus, if the application itself is not very secure so that you want to have it available on demand only then don't use inetd, but if you have a secure application which must be available 24/7 then inetd is still a good choice.

Note: If network access is desired for some applications which don't provide network capability themselves then these applications must run under inetd.
Examples are "systat" which calls the standard "ps" binary or "netstat" which calls the standard "netstat" binary.
However, most admins choose not to enable such types of access at all, because sensitive system information could be disclosed without any authentication or authorization.
0
 
TintinCommented:
If you have a daemon that uses the same port that a service defined in inetd.conf, then you'll have a conflict as both the inetd daemon and the specified daemon will attempt to listen on the same port.
0
 
woolmilkporcCommented:
Once inetd has helped initiating a connection establishment between client and application (see your other thread on inetd) it's the task of the application (and the client) to care for security. inetd is almost out of the game then. inetd just acts as kind of a communication broker.
0
 
Anthony LuciaAuthor Commented:
wmp:

If inetd opens a connection (and apparently starts an application), wouldn't it be better that the App does not have a port defined in inetd, so the app would not be started by any one other than the admin of the app (and the app could be down whenever the admin chooses, instead of starting up automatically?

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.