From owner-freebsd-bugs Tue Jul 27 8: 7:15 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from fed-ef1.frb.gov (fed.frb.gov [132.200.32.32])
	by hub.freebsd.org (Postfix) with ESMTP
	id 864FA151D8; Tue, 27 Jul 1999 08:05:13 -0700 (PDT)
	(envelope-from seth@freebie.dp.ny.frb.org)
Received: by fed-ef1.frb.gov; id LAA03076; Tue, 27 Jul 1999 11:05:02 -0400 (EDT)
Received: from m1pmdf.frb.gov(192.168.3.38) by fed.frb.gov via smap (V4.2)
	id xmad02529; Tue, 27 Jul 99 11:04:40 -0400
Date: Tue, 27 Jul 1999 11:00:50 -0400 (EDT)
From: Seth
Subject: Re: bin/12819: tcpd hosts.[allow|deny] location inconsistent
In-reply-to: <199907271000.DAA82812@freefall.freebsd.org>
To: sheldonh@FreeBSD.org
Cc: freebsd-bugs@FreeBSD.org
Message-id:
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thanks for providing a resolution so quickly.

I have to object, however, to the implication that I misclassified the severity of this problem. In my opinion, if your standard tests (tcpdmatch, etc.) tell you that your system is denying certain connections, when in fact these connections are being allowed, you've got a pretty serious security issue.

I installed tcp_wrapper prior to upgrading to 3.2-STABLE, so I'm still running it the "old" way. I imagine others are as well. It's important to get the word out that the "new" way requires that the hosts.[allow|deny] files be placed in separate directories.

I'm currently running 3.2-STABLE

FreeBSD 3.2-STABLE #4: Fri Jun 11 18:13:14 EDT 1999

with sources built from CTM up to Jun 11, and I had this problem.

Finally, if you go through my previous send-pr's, I think you'll find that I've always erred on the conservative side when estimating the level of severity. I hope you'll agree after reading this that the classification I submitted was, in retrospect, a fair one.

Thanks again for looking at this issue so quickly. Is there a fix for it?

Seth.

On Tue, 27 Jul 1999 sheldonh@FreeBSD.org wrote:

> Synopsis: tcpd hosts.[allow|deny] location inconsistent
>
> State-Changed-From-To: open->closed
> State-Changed-By: sheldonh
> State-Changed-When: Tue Jul 27 02:56:50 PDT 1999
> State-Changed-Why:
> The tcpd program is not distributed with FreeBSD as part of the base
> system, since its functionality is built into inetd. It's part of
> the tcp_wrappers port, which you don't need on 3.2-STABLE. Update
> to a recent 3.2-STABLE and check the inetd(8) manpage.
>
> As an aside, please try to provide realistic Severity fields for your
> PR's. :-)
>
> Thanks,
> Sheldon.