Wietse's tools and papers

This site is located in White Plains, New York, USA. It is kindly hosted by Cloud 9 Consulting, Inc.

Some files have a (separate) PGP signature to protect you against trojanized versions.

This is my PGP public key. You can reach me personally as wietse@porcupine.org

Disclaimer

I wrote many of the tools in this archive, but I can't give any warranty on the absence of bugs. Use at your own risk.

Table of Contents

Wietse's Tools

Postfix

Postfix is Wietse Venema's attempt to provide an alternative to the widely-used Sendmail program. Sendmail is responsible for delivery of billions of e-mail messages daily. A stunning number.

Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users.

SATAN (satan-1.1.1.tar.Z) | README file | PGP signature

For more than one year, the most famous piece of Internet vaporware. SATAN closes much of the knowledge gap between intruders and system administrators, by proposing how to fix problems. CERT-UU wrote a nice overview of the program, of vendor bulletins, and of alternative archive sites. Additional information can be found on this really slow site. This unusual program is the result of an even more unusual cooperation between unusual people: Wietse Venema and Dan Farmer.

TCP Wrapper (tcp_wrappers_7.6.tar.gz) | BLURB file | PGP signature

IPV6 version by Casper Dik (tcp_wrappers_7.6-ipv6.tar.gz) | PGP signature

Wietse Venema's network logger, also known as TCPD or LOG_TCP. These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger etc. requests. Security options are: access control per host, domain and/or service; detection of host name spoofing or host address spoofing; booby traps to implement an early-warning system. The current version supports the System V.4 TLI network programming interface (Solaris, DG/UX) in addition to the traditional BSD sockets.

Chrootuid (chrootuid1.2.shar.Z) | BLURB file | PGP signature

Chrootuid makes it easy to run a network service at low privilege level and with restricted file system access. At Eindhoven University we use this program to run the gopher and www (world-wide web) network daemons in a minimal environment: the daemons have access only to their own directory tree, and run under a low-privileged userid. The arrangement greatly reduces the impact of possible loopholes in daemon software.

Portmap (portmap_4.tar.gz) | BLURB file | PGP signature

Replacement portmapper with access control. Makes it somewhat harder to attack your RPC daemons, for example to steal YP password maps or NFS file handles. Must be linked against a library produced with a recent tcp wrapper release (see above). Tested with SunOS 4.1.x. Also supports HP-UX 9.0, AIX 3.x (bsdcc compiler with -D_SUN), AIX 4.x and Digital UNIX (OSF/1). If you run SunOS 4, the securelib library (see above) is better because it can also cope with direct attacks on your RPC daemons (i.e. attacks without assistance from portmap).

Rpcbind (rpcbind_2.1.tar.gz) | README file | PGP signature

Replacement rpcbind program (the System V.4 portmapper) that prevents intruders from bypassing your NFS export restrictions. Derived from a legal copy of the SunOS 5.3 rpcbind source code. This version refuses requests sent by remote clients to TCP or UDP ports other than 111.

Logdaemon (logdaemon-5.8.tar.gz) | README file | PGP signature

Unproto (unproto5.shar.Z)

A wrapper program that upgrades your traditional C compiler to something that understands a very large subset of ANSI C, including stdarg-style variadic functions. The program is a wrapper around the C preprocessor that on the fly translates ANSI C to traditional C. It comes with a set of ANSI-compatible include files.

Yapasswd (yapasswd.tar.Z) | PGP signature

Yet another password command for SunOS 4.x and 5.x. No shadow support, uses insecure NIS, but we depend on it anyway.

Agetty (agetty.shar.Z)

A flexible getty (portmon) replacement for System V Release 2, SunOS 4.x, and SunOS 5.x. Automagically adapts to parity settings, erase characters etcetera. This is another program that my sanity depends on when I hook up modems or terminals to my own machines.

Wietse's Papers

murphy.ps.gz (postscript)
murphy.txt.gz (ascii)

"Murphy's law and computer security", a paper presented at the Sixth USENIX Security Symposium (San Jose, July 1996). The title should have been "Lessons learned from errors in my own software and from those by other people", but that did not sound as sexy.

admin-guide-to-cracking.101.Z (ascii)

Slightly updated version of an article that was posted to Usenet on December 2, 1993, titled: "Improving the security of your site by breaking into it." by Dan Farmer and Wietse Venema. The paper explains to the administrator what crackers have known for a long time.

The paper also announces a piece of security software called SATAN (Security Administrator Tool for Analyzing Networks). It took the authors more than a year to fulfill their promise.

SATAN demo release (satan_doc.tar.Z) | README file | PGP signature

Updated version of the SATAN documentation release on March 15, 1995. This archive contains a sample database that illustrates a lot of the problems that SATAN can find for you.

tcp_wrapper.ps.Z (postscript)
tcp_wrapper.txt.Z (ascii)

Presented at the 3rd UNIX Security Symposium (Baltimore, September 1992). Describes the development of the TCP Wrapper tool (aka the log_tcp package) to trace a malicious Dutch computer cracker (see also: An evening with Berferd by Bill Cheswick).

tcp_wrapper.dutch.ps.Z (postscript)
tcp_wrapper.dutch.txt.Z (ascii)

Text (in Dutch!) of a presentation given at the 23 april 1992 security meeting of the NLUUG (Dutch UNIX users group) and SURF (network provider for the Dutch universities).