From owner-freebsd-current@FreeBSD.ORG Sat Jul 5 12:18:06 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CBDFF37B401 for ; Sat, 5 Jul 2003 12:18:06 -0700 (PDT) Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id E0F6D43FE9 for ; Sat, 5 Jul 2003 12:18:05 -0700 (PDT) (envelope-from hetzels@westbend.net) Received: from ADMIN00 (admin00.westbend.net [216.47.253.17]) by mail.westbend.net (8.12.9/8.12.9) with SMTP id h65JI2HZ004026; Sat, 5 Jul 2003 14:18:02 -0500 (CDT) (envelope-from hetzels@westbend.net) Message-ID: <001801c3432a$d5a23250$11fd2fd8@westbend.net> From: "Scot W. Hetzel" To: "Vincent Poy" References: <20030704173607.S3146-100000@oahu.WURLDLINK.NET> Date: Sat, 5 Jul 2003 14:22:48 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) X-Spam-Status: No, hits=0.5 required=8.0 tests=REFERENCES,SPAM_PHRASE_00_01,USER_AGENT_OE version=2.43 cc: current@freebsd.org Subject: Re: src/libexec/tcpd doesn't work correctly with -DPROCESS_OPTIONS X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jul 2003 19:18:07 -0000 From: "Vincent Poy" > Any ideas? > > According to the inetd man page: TCP Wrappers When given the -w option, inetd will wrap all services specified as ``stream nowait'' or ``dgram'' except for ``internal'' services. If the -W option is given, such ``internal'' services will be wrapped. If both options are given, wrapping for both internal and external services will be enabled. Either wrapping option will cause failed connections to be logged to the ``auth'' syslog facility. Adding the -l flag to the wrap- ping options will include successful connections in the logging to the ``auth'' facility. : When wrapping is enabled, the tcpd daemon is not required, as that func- tionality is builtin. ..... Also, /etc/defaults/rc.conf shows that inetd_flags has both '-w' and '-W' flags set. If you are using the default flags to inetd, then you don't need to use tcpd to wrap your telnetd session. Did you change your inetd_flags? I just tested the bultin tcp_wrappers in inetd, and had no problem with adding a banner to my ftpd and telnetd daemons without using the tcpd daemon. But, when I changed the service to: ftp stream tcp nowait root /usr/libexec/tcpd ftpd -l and then killed -HUP the inetd process, the inetd process wanted the banner file to be called 'tcpd' instead of 'ftpd'. I also killed inetd, and started it with no flags. But when I connected to the ftpd process, tcpd didn't display the banner (both tcpd and ftpd banner files were installed into the banner directory). So it looks like tcpd is broken when it comes to displaying banners. I suggest you use inetd's builtin TCP Wrappers support, and forget using tcpd. Scot