From owner-freebsd-ports Wed Sep 10 15:04:45 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA00926 for ports-outgoing; Wed, 10 Sep 1997 15:04:45 -0700 (PDT)
Received: from onizuka.tb.9715.org (pzeCtd+xHddoJgH5c3jnPaBQVaOtpsS7@onizuka.tb.9715.org [194.97.84.67]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA00919 for ; Wed, 10 Sep 1997 15:04:39 -0700 (PDT)
Received: by onizuka.tb.9715.org via sendmail with stdio id for ports@freebsd.org; Thu, 11 Sep 1997 00:03:44 +0200 (CEST)
Message-Id:
From: torstenb@onizuka.tb.9715.org (Torsten Blum)
Subject: Re: Major bogon in tcp_wrappers port.
In-Reply-To: <199709101631.SAA00382@greenpeace.grondar.za> from Mark Murray at "Sep 10, 97 06:31:11 pm"
To: mark@grondar.za (Mark Murray)
Date: Thu, 11 Sep 1997 00:03:44 +0200 (CEST)
Cc: andreas@klemm.gtn.com, ports@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ports@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Mark Murray wrote:
> > You're right, I'd vote for it as well.
> > On the other hand ... how much overhead does it bring ?
>
> Not much. Physically, the files are not big. They do not take
> much time to compile. They _do_ add some latency to your daemon's
> startup, except in the case where the app is linked against libwrap.
>
> (Sendmail has such hooks, so does ssh (and I believe cvsupd as well?))

Uh, I thought this was a joke...
Why should we move tcpwrapper to the base system ? I can't see an advantage
here. tcpd is an easy "plug in" and one of its "advantages" is that you just
have to change inetd.conf - no compile-time changes.
It's harder to configure hosts.{allow,deny} than changing inetd.conf.

> > Every time when an inetd related service is being started,
> > the (of course small) tcpd program has to be executed.
>
> Sure. You can configure your system such that the wrappers are not
> used, if you prefer.

Aeh, that's why we have the ports tree. If something is really optional and
you just have to change a config file why should it be moved to the base
system ?

> > And ... which inetd related server programs do we want to
> > protect, only some or all ?
>
> Negotiable. I kinda like the idea of two files - inetd.conf.dist and
> inetd.conf.wrap.dist, and some install option to choose one.

We don't need to have tcpwrapper in the base system to provide an example
config file.

confused
 -tb
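
An added example, not part of the original message or of the tcp_wrappers port: since tcpd only protects services whose inetd.conf entry names it as the server program, the "only some or all?" question raised in the thread can be answered for a given host by auditing that file. The sample configuration and the `/usr/local/libexec/tcpd` path are constructed assumptions.

```python
"""Report which inetd.conf services are started through tcpd (added example)."""
import os

# Constructed sample input; daemon and wrapper paths are assumptions.
SAMPLE_INETD_CONF = """\
# service socket proto wait   user   server-program          arguments
ftp     stream  tcp   nowait  root   /usr/local/libexec/tcpd ftpd -l
telnet  stream  tcp   nowait  root   /usr/libexec/telnetd    telnetd
finger  stream  tcp   nowait  nobody /usr/local/libexec/tcpd fingerd -s
daytime stream  tcp   nowait  root   internal
#shell  stream  tcp   nowait  root   /usr/libexec/rshd       rshd
ntalk   dgram   udp   wait    root   /usr/libexec/ntalkd     ntalkd
bogus   stream  tcp
"""


def audit(conf_text, wrapper_name="tcpd"):
    """Classify every active inetd.conf entry by how its server is started."""
    report = {"wrapped": [], "unwrapped": [], "internal": [], "malformed": []}
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled service
        fields = line.split()
        if len(fields) < 6:
            report["malformed"].append(lineno)
            continue
        service, proto, server = fields[0], fields[2], fields[5]
        label = f"{service}/{proto}"
        if server == "internal":
            # Handled inside inetd itself; no external program to wrap.
            report["internal"].append(label)
        elif os.path.basename(server) == wrapper_name:
            # With tcpd as the server program, argv[0] names the real daemon.
            daemon = fields[6] if len(fields) > 6 else "?"
            report["wrapped"].append(f"{label} -> {daemon}")
        else:
            report["unwrapped"].append(label)
    return report


if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_INETD_CONF).items():
        print(f"{kind}: {entries}")
```

A daemon that is linked against libwrap, the case mentioned in the quoted text, is listed as unwrapped by this check even though it consults hosts.allow itself.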