Practical UNIX & Internet Security


22. Wrappers and Proxies

Contents:
Why Wrappers?
sendmail (smap/smapd) Wrapper
tcpwrapper
SOCKS
UDP Relayer
Writing Your Own Wrappers

A wrapper is a program that is used to control access to a second program. The wrapper literally wraps around the second program, allowing you to enforce a higher degree of security than the program can enforce on its own.

22.1 Why Wrappers?

Wrappers are a recent invention in UNIX security. These programs were born out of the need to modify operating systems without access to the systems' source code. However, their use has grown, and wrappers have become a rather elegant security tool for a variety of reasons:

One common use of wrappers is to limit the amount of information reaching a network-capable program. The default design of such programs can be too trusting, and can accept too much information without validation. We will discuss a few common examples later in this chapter.
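The following C sketch shows this use of a wrapper for a service started from inetd: it reads one bounded request line, drops anything overlong or non-printable, and only then hands the cleaned line to the real program. It is an added example, not code from the book; `filter_request`, `MAX_REQ`, the path in `REAL_PROG` and the "one printable line" policy are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_REQ   64                          /* assumed limit for the wrapped service */
#define REAL_PROG "/usr/libexec/real-daemon"  /* hypothetical path to the real program */

/* Copy one request line into out only if it is terminated, short and printable.
 * Returns the request length, or -1 if the request must be dropped. */
int filter_request(const char *in, char *out, size_t out_cap)
{
    size_t n = strcspn(in, "\r\n");           /* length up to the line terminator */
    if (in[n] == '\0') return -1;             /* no terminator: truncated or overlong */
    if (n == 0 || n > MAX_REQ || n + 2 > out_cap) return -1;  /* assumed policy: no empty lines */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c < 0x20 || c > 0x7e) return -1;  /* control or 8-bit byte */
    }
    memcpy(out, in, n);
    out[n] = '\n';                            /* normalize the terminator */
    out[n + 1] = '\0';
    return (int)n;
}

int main(void)
{
    char raw[MAX_REQ + 3], clean[MAX_REQ + 2];
    int fds[2];

    /* fgets never stores more than sizeof raw - 1 bytes, whatever the client sends. */
    if (fgets(raw, sizeof raw, stdin) == NULL) return 1;
    if (filter_request(raw, clean, sizeof clean) < 0) return 1;  /* drop the request */

    /* Replace stdin with a pipe that holds only the validated line. */
    if (pipe(fds) < 0) return 1;
    if (write(fds[1], clean, strlen(clean)) < 0) return 1;
    close(fds[1]);
    if (dup2(fds[0], STDIN_FILENO) < 0) return 1;
    close(fds[0]);

    /* Start the real program with a minimal, fixed environment. */
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
    execle(REAL_PROG, REAL_PROG, (char *)NULL, envp);
    return 1;                                 /* reached only if exec failed */
}
```

The wrapped program keeps the network connection on stdout but never reads from it directly; the only input it can see is the line the wrapper accepted.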

This chapter describes three common wrappers:

This chapter also briefly describes the UDP Relayer, developed by Tom Fitzgerald. The final section of this chapter describes the situations in which you might wish to write wrappers of your own.

