Date: Tue, 2 May 1995 01:59:06 -0700 (PDT) From: bmk@dtr.com To: questions@FreeBSD.org Subject: ypserv & tcpd issues Message-ID: <199505020859.BAA25589@dtr.com>
next in thread | raw e-mail | index | archive | help
I've recently added NIS support to my small network in anticipation of adding more hosts. Naturally, I'm concerned about the security implications, and was quite happy when I found that ypserv contains support for tcp_wrappers (tcpd). Unfortunately, I haven't been able to actually get it to work. :( The man page has this to say about tcpd support: | Security | ypserv has support for Wietse Venema's tcpwrapper package built in, | though it is not compiled in by default since the tcpwrapper package is | not distributed with FreeBSD. However, if you have libwrap.a and tcpd.h, | you can easily recompile ypserv with them, thereby enabling its 'se- | curenets' features: you can configure ypserv to only handle resquests | from machines listed in the tcpwrapper configuration files, which would | help limit vulnerability to the first limitation listed above. I was running tcpd 6.3, which doesn't have the required tcpd.h, so I upgraded to tcpd 7.0 - this went without a hitch. I linked tcpd.h to the ypserv source directory and modified the makefile as follows: |CFLAGS+=-Wall -DTCP_WRAPPER=1 -DTCPW_FACILITY=LOG_AUTH |CFLAGS+=-DINSTDIR='"/usr/sbin"' -L/usr/local/lib -lwrap Running make results in the following: root (100) % make cc -O2 -Wall -DTCP_WRAPPER=1 -DTCPW_FACILITY=LOG_AUTH -DINSTDIR='"/usr/sbin"' -L/usr/local/lib -lwrap -c dnslookup.c cc: -lwrap: linker input file unused since linking not done cc -O2 -Wall -DTCP_WRAPPER=1 -DTCPW_FACILITY=LOG_AUTH -DINSTDIR='"/usr/sbin"' -L/usr/local/lib -lwrap -c yp_svc.c cc: -lwrap: linker input file unused since linking not done cc -O2 -Wall -DTCP_WRAPPER=1 -DTCPW_FACILITY=LOG_AUTH -DINSTDIR='"/usr/sbin"' -L/usr/local/lib -lwrap -c yp_xdr.c cc: -lwrap: linker input file unused since linking not done cc -O2 -Wall -DTCP_WRAPPER=1 -DTCPW_FACILITY=LOG_AUTH -DINSTDIR='"/usr/sbin"' -L/usr/local/lib -lwrap -c server.c cc: -lwrap: linker input file unused since linking not done cc -O2 -Wall -DTCP_WRAPPER=1 -DTCPW_FACILITY=LOG_AUTH -DINSTDIR='"/usr/sbin"' -L/usr/local/lib -lwrap -o ypserv dnslookup.o yp_svc.o yp_xdr.o server.o server.o: Undefined symbol `_hosts_ctl' referenced from text segment *** Error code 1 The most obvious question I have is why am I getting the 'Undefined symbol' error - the hosts_ctl function seems to exist in libwrap.a. The second question relates to my Makefile changes - I know that they're less than optimal. Obviously, the '-L/usr/local/lib -lwrap' portion should only get used at link time - is there a makefile directive to add link-only options?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505020859.BAA25589>