[Rd] question

Telford Tendys telford@progsoc.uts.edu.au
Thu, 16 Mar 2000 10:27:33 +1100


On Wed, Mar 15, 2000 at 04:20:26PM +0100, Erich Neuwirth wrote:
> here is another question (kurt already knows about it).
> i would like to do a client server version
> of R where the server can run on a unix box and the client
> is excel on a win machine.
> the easiest solution would be running a stdin-stdout version
> of the server through inetd.
> but this is vulnerable.

It isn't too bad if you feed it through the /usr/sbin/tcpd
service which can screen incoming connections (various
filtering rules go into /etc/hosts.allow and /etc/hosts.deny,
see the man page for tcpd). If your local network keeps
static IP numbers then add all the acceptable machines into
your /etc/hosts file so you have a local copy of their IP numbers
and no one can use the DNS to confuse your machine; also make
sure nothing nearby has source-routing switched on.

That is reasonably secure if you can trust the machines which
you are allowing connections from and your routers are set up
in a way that they cannot get confused. It is still possible
for someone to clip their laptop to the local network, use a
false IP number and maybe make a connection but this is pretty
unlikely and you probably will see the person doing it (unless
your local network is completely insecure like ours).

Naturally, using a chroot is a good idea and creating a local
unix user that does only this and owns no files except its
own tree is also a good idea.

	- Tel
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
r-devel mailing list -- Read http://www.ci.tuwien.ac.at/~hornik/R/R-FAQ.html
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !)  To: r-devel-request@stat.math.ethz.ch
_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._
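
The setup described in the reply above, written out as the four files involved. This is an added example, not part of the original post: the service name "rserve-demo", port 6311, the user "rserver", the server path /usr/local/bin/r-stdio-server and all addresses are constructed placeholders.

```conf
# --- /etc/services (constructed entry; name and port are assumptions) ---
rserve-demo     6311/tcp

# --- /etc/inetd.conf ---
# Unwrapped form: inetd starts the stdin/stdout server directly, so every
# host that can reach the port gets a session. Left commented out.
#rserve-demo stream tcp nowait rserver /usr/local/bin/r-stdio-server r-stdio-server
#
# Wrapped form: inetd starts tcpd, which checks hosts.allow and hosts.deny
# and only then executes the real server. The user field makes the server
# run as a dedicated unprivileged account ("rserver", hypothetical).
rserve-demo stream tcp nowait rserver /usr/sbin/tcpd /usr/local/bin/r-stdio-server

# --- /etc/hosts.allow ---
# The daemon name is the basename of the wrapped program. Clients are
# listed by address, so no name lookup is involved in the decision.
r-stdio-server: 192.168.10.21, 192.168.10.22

# --- /etc/hosts.deny ---
# tcpd grants access when no rule matches in either file, so everything
# not explicitly allowed above has to be denied here.
ALL: ALL

# --- /etc/hosts ---
# Local copy of the permitted clients' addresses (constructed values), so
# names shown in logs come from this file rather than from DNS.
192.168.10.21   excel-client-1
192.168.10.22   excel-client-2
```

After editing, inetd has to re-read its configuration (SIGHUP), and the tcpdchk and tcpdmatch tools shipped with TCP Wrappers can check the rule files and predict the decision for a given client address.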