Date: Wed, 10 Sep 1997 18:31:11 +0200
From: Mark Murray <mark@grondar.za>
To: Andreas Klemm <andreas@klemm.gtn.com>
Cc: Mark Murray <mark@grondar.za>, ports@FreeBSD.ORG
Subject: Re: Major bogon in tcp_wrappers port.
Message-ID: <199709101631.SAA00382@greenpeace.grondar.za>

Andreas Klemm wrote:

[ MarkM suggesting we bring tcp_wrappers into the "mainstream"]

> You're right, I'd vote for it as well.
> On the other hand ... how much overhead does it bring ?

Not much. Physically, the files are not big. They do not take much
time to compile. They _do_ add some latency to your daemon's startup,
except in the case where the app is linked against libwrap. (Sendmail
has such hooks, so does ssh (and I believe cvsupd as well?))

> Every time when an inetd related service is being started,
> the (of course small) tcpd program has to be executed.

Sure. You can configure your system such that the wrappers are not
used, if you prefer.

> Does it have to read and interpret sample /etc/hosts.allow
> and /etc/hosts.deny files, that might/should/could be created
> in /etc ?

If not present, these default to "allow everything".

> And ... which inetd related server programs do we want to
> protect, only some or all ?

Negotiable. I kinda like the idea of two files - inetd.conf.dist and
inetd.conf.wrap.dist, and some install option to choose one.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
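
The lookup order behind the "allow everything" default mentioned in the message above, as an added example that is not part of the original e-mail or the tcp_wrappers source: a simplified Python model of the hosts_access(5) decision (hosts.allow first, then hosts.deny, otherwise grant). It assumes only the ALL wildcard, exact names or addresses, leading-dot domains and trailing-dot network prefixes; the function names and sample rules are constructed.

```python
# Simplified model of the tcp_wrappers access decision (illustrative, not libwrap code).

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; skip blanks and '#' comment lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")  # simplification: options after a 2nd ':' are ignored
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, e.g. .example.org
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # network prefix, e.g. 192.0.2.
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr

def table_matches(rules, daemon, host, addr):
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(c, host, addr) for c in clients):
            return True
    return False

def access_granted(allow_text, deny_text, daemon, host, addr):
    """allow_text / deny_text hold file contents, or None when the file is absent."""
    if table_matches(parse_rules(allow_text or ""), daemon, host, addr):
        return True               # matched in hosts.allow: granted
    if table_matches(parse_rules(deny_text or ""), daemon, host, addr):
        return False              # matched in hosts.deny: denied
    return True                   # no match in either table: granted

# Constructed sample policy: allowlist for sshd plus a catch-all deny.
ALLOW = "# constructed sample\nsshd : .example.org 192.0.2.\n"
DENY = "ALL : ALL\n"

if __name__ == "__main__":
    print(access_granted(None, None, "ftpd", "h.other.test", "203.0.113.9"))
    print(access_granted(ALLOW, DENY, "ftpd", "a.example.org", "198.51.100.5"))
    print(access_granted(ALLOW, None, "ftpd", "a.example.org", "198.51.100.5"))
```

The last call shows the practical consequence of that default: a hosts.allow file on its own restricts nothing until hosts.deny carries a catch-all entry.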