> Mike Jagdis <[EMAIL PROTECTED]> writes:
>
> > On Thu, 12 Nov 1998, brian beuning wrote:
> >
> > > All these nice dctrl features are lost on me because my linux box does
> > > not have X installed, and it usually does not have a monitor connected
> > > either. I telnet into Linux, and only connect a monitor when I have made a
> > > system config change that does not let it reboot.
> >
> > Then TCP monitor connections may be for you :-). Use the Windows
> > port of tcl/tk to run dctrl and connect via TCP to diald on the
> > Linux system.
>
> Hmm, the reason I never did this in the first place was that I feared
> the security implications. At the very least you should arrange to reject
> connections from "outside" IP addresses. I suppose you could require a
> connection password as well...
>
I'd have to agree with Eric about the TCP/IP connection for diald
control. This would worry me. On the boxes we send out all IP
services are shut down except those that are absolutely required.
I hope this thing is going to be optional, otherwise I'll have
to rip it out.

I'd rather see an optional daemon started from inetd to do the
external control. That way the diald code doesn't have to have the
extra security stuff, or the socket stuff for that matter. Just let
inetd[1] handle accepting the connection and tcpd (tcp-wrappers)
handle access control. Heck, this can be done with a shell script,
like the connect script for incoming ppp connections.

In general, look long and hard at new features. Avoid
feeping creatureism where possible.

-- cary

[1] or xinetd, isn't that the one where you can specify the ip address
as well as the port?
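
The inetd-plus-tcpd arrangement described in the message above, as an added example that is not part of the original post or of diald. The service name, port, user, file paths and the allow-list of commands are assumptions; the commands are assumed to match the ones diald accepts on its control FIFO.

```shell
#!/bin/sh
# Added example. Hypothetical names: service "diald-ctl", port 5050,
# user "diald", and the paths below. inetd accepts the connection, tcpd
# applies access control, and this script only forwards allow-listed words.
#
# /etc/services:    diald-ctl  5050/tcp
# /etc/inetd.conf:  diald-ctl stream tcp nowait diald /usr/sbin/tcpd /usr/local/sbin/diald-ctl serve
# /etc/hosts.allow: diald-ctl: 192.168.1.0/255.255.255.0
# /etc/hosts.deny:  ALL: ALL

# Assumed to be the path given to diald's "fifo" option.
FIFO="${DIALD_FIFO:-/etc/diald/diald.ctl}"

# Print the command if it is on the allow-list, otherwise return 1.
# The case patterns match the whole line, so trailing text is rejected.
filter_cmd() {
    line=$(printf '%s' "$1" | tr -d '\r')    # tolerate telnet-style CRLF
    case "$line" in
        up|down|block|unblock) printf '%s\n' "$line" ;;
        *) return 1 ;;
    esac
}

# One command per connection; inetd has wired the socket to stdin/stdout.
serve() {
    IFS= read -r line || exit 0
    if cmd=$(filter_cmd "$line"); then
        [ -p "$FIFO" ] || { echo "ERR no control fifo"; exit 1; }
        # Opening the FIFO blocks until diald has it open for reading.
        printf '%s\n' "$cmd" > "$FIFO" && echo "OK $cmd"
    else
        logger -p auth.notice -t diald-ctl "rejected control command"
        echo "ERR rejected"
    fi
}

# Only talk to the socket when started as "diald-ctl serve".
if [ "${1:-}" = serve ]; then
    serve
fi
```

Running the script as an unprivileged user that has write access only to the FIFO keeps the network-facing part separate from diald itself.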