Date: Thu, 29 Jul 1999 10:04:45 -0400 (EDT) From: Seth <seth@freebie.dp.ny.frb.org> To: Mark Murray <mark@grondar.za> Cc: Yiorgos Adamopoulos <adamo@dblab.ece.ntua.gr>, freebsd-stable@FreeBSD.ORG Subject: Re: tcpd, inetd, and hosts.[allow|deny] Message-ID: <Pine.BSF.4.10.9907290935060.5876-100000@freebie.dp.ny.frb.org> In-Reply-To: <199907290631.IAA34914@gratis.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Then I can't explain why, on my June 11 build, I had /usr/sbin/tcpdmatch, /usr/sbin/tcpdchk, but no wrapped inetd or tcpd other than /usr/local/libexec/tcpd. Nor did I have anything in my inetd manpage indicating -W or -w support. I also had, from the tcpd install, /usr/local/sbin/tcpdmatch and /usr/local/sbin/tcpdchk. From the cvs repository, on March 14, v1.1 by markm: "Build tcp_wappers' userland. I am not building tcpd, because in a day or two, inetd will gain the necessary functionality. At that stage, I'll make wrapping the default for sendmail and portmapper as well." However, inetd didn't gain the necessary *command-line* functionality until July 21. It was there before (buggy on March 28?), but it required a rebuild of inetd with compile-time options, which were not passed by default. Thus, users who were unaware that inetd needed to be rebuilt with new options suddenly found themselves with userland tcpdchk and tcpdmatch that didn't do anything. I'd wager that most users were unaware that these two files had even migrated to userland on March 14. In any case, my 6/11 build didn't even have -w or -W in the inetd manpages. The man page updates appear to have come on June 17, v1.9., and June 22 (I'm not a CVS guru, so I can't be 100% sure). The long and short of it is this: users who built world after March 14 but before July 22, AND who didn't change inetd's Makefile to build inetd with the proper flags, wound up in a (potentially) precarious position. If you'd like, I can show you an example of a system (not mine; I've since upgraded) where this is the case. SB On Thu, 29 Jul 1999, Mark Murray wrote: > > However, my first point was that prior to the introduction of the > > wrapped inetd, tcpdmatch and tcpdcheck were provided -- WITHOUT an > > accompanying tcpd -- in /usr/sbin. > > Wrong. > > When I pulled wrappers into the base system, inetd was done _at_the_ > _same_time_. > > M > -- > Mark Murray > Join the anti-SPAM movement: http://www.cauce.org > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907290935060.5876-100000>