InetD and ports and security

Posted on 2014-03-18
Medium Priority
Last Modified: 2014-03-19
Would it be wrong for an application to use ports in inetd for security purposes?
Question by:Anthony Lucia
  • 2
LVL 48

Expert Comment

ID: 39938356
If you have a daemon that uses the same port that a service defined in inetd.conf, then you'll have a conflict as both the inetd daemon and the specified daemon will attempt to listen on the same port.
LVL 68

Expert Comment

ID: 39938357
Once inetd has helped initiating a connection establishment between client and application (see your other thread on inetd) it's the task of the application (and the client) to care for security. inetd is almost out of the game then. inetd just acts as kind of a communication broker.

Author Comment

by:Anthony Lucia
ID: 39939627

If inetd opens a connection (and apparently starts an application), wouldn't it be better that the App does not have a port defined in inetd, so the app would not be started by any one other than the admin of the app (and the app could be down whenever the admin chooses, instead of starting up automatically?

LVL 68

Accepted Solution

woolmilkporc earned 2000 total points
ID: 39939698
inetd is definitely designed for starting applications automatically whenever a request is made.

This is mainly used for 24/7 applications like an FTP server, telnet/remote shell access or special things like the "bootp" server, IMAP or POP servers or also the Samba server, including its configuration tool SWAT.

Of course it is true that when full control over an application's availability (which is not always closely related to security!) is desired then putting it under control of inetd is not very practical.
Sure you could manipulate inetd.conf (remove or add the concerned port entry) and restart inetd, but then you could also take the application permanently out of inetd to start/stop it manually.

Thus, if the application itself is not very secure so that you want to have it available on demand only then don't use inetd, but if you have a secure application which must be available 24/7 then inetd is still a good choice.

Note: If network access is desired for some applications which don't provide network capability themselves then these applications must run under inetd.
Examples are "systat" which calls the standard "ps" binary or "netstat" which calls the standard "netstat" binary.
However, most admins choose not to enable such types of access at all, because sensitive system information could be disclosed without any authentication or authorization.

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Feeling responsible for an unfortunate ransomware infection on my parent's network, persistence paid off as I was able to decrypt a strain of ransomware that was not previously (or at least publicly) cracked. I hope this helps others out there affec…
A question that many companies need to answer until May 25th of 2018... Is your company ready for GDPR?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question