SUMMARY: (In)Security with EXCEED

From: Sujit Choudhury (
Date: Mon Nov 20 2000 - 09:24:55 CST

Thanks very much for all the E-Mails on this subject.

Most people have suggested Wietse Venema's tcp wrapper program and
using /etc/hosts.allow and /etc/hosts.deny with it.
Basically putting tcpd program in /usr/local/bin/tcpd,
and changing /etc/inetd.conf file to use:
exec stream tcp nowait root /usr/local/bin/tcpd in.rexecd

/etc/hosts.allow should have:
in.rexecd: ip-address1, ip-address2, ....

/etc/hosts.deny should have:
in.rexecd: ALL EXCEPT ip-address1, ip-address2, ....

I have implemented it and it works!

Many people have also suggested using ssh and its built-in X11
forwarding capability. I have not yet done this but I will try it out
in the next few weeks.

Again many thanks to every body.


This was my question:-
I would like to use EXCEED to use the functionality of the xterminal.
However it seems that it depends on REXEC protocol and using that you
can even login as root. You don't have to login as root from the
console! Is there any wrapper program that would ensure that REXEC can
only be used from certain IP addresses?

U BEFORE POSTING please READ the FAQ located at
. and the list POLICY statement located at
A To submit questions/summaries to this list send your email message to:
A To unsubscribe from this list please send an email message to:
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:23 CDT