tech-security: Re: libwrap (was Re: amd vulnerability: patch for 1.3.3)

Subject: Re: libwrap (was Re: amd vulnerability: patch for 1.3.3)
To: Brian C. Grayson <bgrayson@marvin.ece.utexas.edu>
From: Julian Assange <proff@iq.org>
List: tech-security
Date: 10/20/1999 14:46:12

  by redmail.netbsd.org with SMTP; 20 Oct 1999 04:46:19 -0000
	id C4DDA6C4FE; Wed, 20 Oct 1999 14:46:12 +1000 (EST)
To: "Brian C. Grayson" <bgrayson@marvin.ece.utexas.edu>
Cc: matthew green <mrg@eterna.com.au>,
	Manuel Bouyer <bouyer@antioche.lip6.fr>, tech-security@netbsd.org,
	itojun@iijlab.net
Subject: Re: libwrap (was Re: amd vulnerability: patch for 1.3.3)
References: <19991018014804.A19607@marvin.ece.utexas.edu> <16517.940229562@eterna.com.au> <19991018030305.A20667@marvin.ece.utexas.edu>
Cc: proff@iq.org
From: Julian Assange <proff@iq.org>
Date: 20 Oct 1999 14:46:12 +1000
In-Reply-To: "Brian C. Grayson"'s message of "Mon, 18 Oct 1999 03:03:05 -0500"
Message-ID: <wx7lki4p2j.fsf@suburbia.net>
Lines: 11
User-Agent: Gnus/5.070097 (Pterodactyl Gnus v0.97) XEmacs/21.1 (Big Bend)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

"Brian C. Grayson" <bgrayson@marvin.ece.utexas.edu> writes:

>   But I tried it out, and it appears to work.  So there's
> something to be said for naivete!  If all RPCs go through
> portmap, then I think this is good.  If there are sneaky ways
> to avoid portmap, then these changes may only provide a false
> sense of security.

There are sneaky ways to avoid portmap.

Julian.