[driverloader] Security in 1.2

Linuxant support support at linuxant.com
Tue Oct 28 11:11:06 EST 2003


Hi,

we have decided to make the Perl mini web server attach to all interfaces to
allow remote configuration. We consider it secure enough for this. The only
real issue is if someone was to log in remotely using his root password
since it's not going through HTTPS.

You can either block it with a firewall or modify the Perl script to attach
to the loopback interface only.

We might add an option in a later release.

Regards,

Jean-Simon Durand
Technical specialist / Linuxant
www.linuxant.com
support at linuxant.com


----- Original Message ----- 
From: "Ron Rosson" <insane at oneinsane.net>
To: <driverloader at lists.linuxant.com>
Sent: Tuesday, October 28, 2003 10:40 AM
Subject: [driverloader] Security in 1.2


Well The newest version works like a charm.. Only thing not tested is if
the kernel manics when it does:

halt -idp

This is still not good:

tcp        0      0 0.0.0.0:18020           0.0.0.0:*
LISTEN

it should be:

tcp        0      0 127.0.0.1:18020           0.0.0.0:*
LISTEN

I gave a shot at recoding the web server portion of the perl script but
failed due to my lack of coding in perl and sockets.

Would like to see this web server only attach to the loopback interface.

-Ron



More information about the driverloader mailing list