NAME

iwrap - wrapper for programs started by inetd

SYNOPSIS

 iwrap [-s sockpath] [-c progspec] [-a] [prog args ...]

DESCRIPTION

iwrap is a UNIX utility used to wrap programs in inetd.conf or any other situation where a connected TCP socket is present on file descriptor zero.

If the connection is from the loopback interface (IP address 127.0.0.1), iwrap execs the program. If not, iwrap passes the incoming socket over a UNIX domain socket and exits.

iwrap is primarily used to help in the securing of applications started by inetd. If a certain service is wrapped in inetd.conf and a connection from the network interface arrives, the connected socket is passed to a UNIX domain socket to which catd should be listening. Catd can then start an Agent and pass the connected socket to it. The Agent will try to connect to the application via the loopback interface and iwrap will now accept it and start the wrapped program.

OPTIONS

-s sockpath
Set the location for the ``pass'' socket.

-c program specification
Compact specification of program. The compact program specification is a single string, with program and arguments separated by a separator character. The separator is the first character in the string, thus:

 -ac ,/usr/openwin/bin/appserver,appserver,-noauth,-inetd
 -c :/usr/openwin/bin/appserver:-noauth:-inetd

both become:

 /usr/openwin/bin/appserver appserver -noauth -inetd

-a
Indicates that the program name (argv[0]) is included in the argument list. Iwrap will otherwise supply the base name of the path to the program as argv[0].

DIAGNOSTICS

On error, iwrap will print diagnostic messages to stderr. These messages can be viewed by connecting to the port using telnet.

SEE ALSO

catd

inetd, inetd.conf

NOTES

Iwrap works only on UNIX.