From owner-freebsd-security  Thu Mar 22 14:27: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mr200.netcologne.de (mr200.netcologne.de [194.8.194.109])
	by hub.freebsd.org (Postfix) with ESMTP id 5352637B71D
	for <freebsd-security@FreeBSD.ORG>; Thu, 22 Mar 2001 14:26:57 -0800 (PST)
	(envelope-from pherman@frenchfries.net)
Received: from husten.security.at12.de (dial-213-168-96-54.netcologne.de [213.168.96.54])
	by mr200.netcologne.de (Mirapoint)
	with ESMTP id ACW48244;
	Thu, 22 Mar 2001 23:26:52 +0100 (CET)
Received: from localhost (localhost.security.at12.de [127.0.0.1])
	by husten.security.at12.de (8.11.3/8.11.2) with ESMTP id f2MMQgE98334;
	Thu, 22 Mar 2001 23:26:42 +0100 (CET)
	(envelope-from pherman@frenchfries.net)
Date: Thu, 22 Mar 2001 23:26:42 +0100 (CET)
From: Paul Herman <pherman@frenchfries.net>
To: Peter Avalos <pavalos@theshell.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: RE: Multiple vendors FTP denial of service
In-Reply-To: <AAEMIFFLKPKLAOJHJANHAEPJEEAA.pavalos@theshell.com>
Message-ID: <Pine.BSF.4.33.0103222315350.14957-100000@husten.security.at12.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 22 Mar 2001, Peter Avalos wrote:

> > > The reality that only a select few daemons use /etc/login.conf
> > > is admittedly counter-intuitive.  Perhaps this is more of a job
>
> Does cron use login.conf?

Yep.

It's one good reason to stick with the good ol' BSD standbys in the
base system (ftpd, cron, inetd, etc...) rather than port replacements
which are not natively LOGIN_CAP aware.

There are exceptions.  The "user [username]" option in hosts.allow
*doesn't* switch login classes.  In fact, most (all?) programs in
/usr/src/contrib are not LOGIN_CAP aware.  sendmail is an exception.

-Paul.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message