Date: Thu, 29 Jul 1999 10:04:45 -0400 (EDT)
From: Seth
Subject: Re: tcpd, inetd, and hosts.[allow|deny]
In-reply-to: <199907290631.IAA34914@gratis.grondar.za>
To: Mark Murray
Cc: Yiorgos Adamopoulos, freebsd-stable@FreeBSD.ORG

Then I can't explain why, on my June 11 build, I had /usr/sbin/tcpdmatch, /usr/sbin/tcpdchk, but no wrapped inetd or tcpd other than /usr/local/libexec/tcpd. Nor did I have anything in my inetd manpage indicating -W or -w support. I also had, from the tcpd install, /usr/local/sbin/tcpdmatch and /usr/local/sbin/tcpdchk.

From the cvs repository, on March 14, v1.1 by markm:

"Build tcp_wrappers' userland. I am not building tcpd, because in a day or two, inetd will gain the necessary functionality. At that stage, I'll make wrapping the default for sendmail and portmapper as well."

However, inetd didn't gain the necessary *command-line* functionality until July 21. It was there before (buggy on March 28?), but it required a rebuild of inetd with compile-time options, which were not passed by default. Thus, users who were unaware that inetd needed to be rebuilt with new options suddenly found themselves with userland tcpdchk and tcpdmatch that didn't do anything. I'd wager that most users were unaware that these two files had even migrated to userland on March 14.

In any case, my 6/11 build didn't even have -w or -W in the inetd manpages. The man page updates appear to have come on June 17, v1.9, and June 22 (I'm not a CVS guru, so I can't be 100% sure).

The long and short of it is this: users who built world after March 14 but before July 22, AND who didn't change inetd's Makefile to build inetd with the proper flags, wound up in a (potentially) precarious position.

If you'd like, I can show you an example of a system (not mine; I've since upgraded) where this is the case.

SB

On Thu, 29 Jul 1999, Mark Murray wrote:

> > However, my first point was that prior to the introduction of the
> > wrapped inetd, tcpdmatch and tcpdcheck were provided -- WITHOUT an
> > accompanying tcpd -- in /usr/sbin.
>
> Wrong.
>
> When I pulled wrappers into the base system, inetd was done _at_the_
> _same_time_.
>
> M
> --
> Mark Murray
> Join the anti-SPAM movement: http://www.cauce.org