iwrap [-s sockpath] [-c progspec] [-a] [prog args ...]
inetd.conf
or any other situation where a connected TCP socket is present on file
descriptor zero.
If the connection is from the loopback interface (IP address 127.0.0.1), iwrap execs the program. If not, iwrap passes the incoming socket over a UNIX domain socket and exits.
iwrap is primarily used to help in the securing of applications started by
inetd. If a certain service is wrapped in inetd.conf
and a connection from the network interface arrives, the connected socket
is passed to a UNIX domain socket to which catd should be listening. Catd can then start an Agent and pass the connected socket to it. The Agent will
try to connect to the application via the loopback interface and iwrap will now accept it and start the wrapped program.
-ac ,/usr/openwin/bin/appserver,appserver,-noauth,-inetd -c :/usr/openwin/bin/appserver:-noauth:-inetd
both become:
/usr/openwin/bin/appserver appserver -noauth -inetd
argv[0]
) is included in the argument list. Iwrap will otherwise supply the base name of the path to the program as argv[0]
.
inetd, inetd.conf