Date: Fri, 14 Feb 2020 16:16:53 -0500 From: Ed Maste <emaste@freebsd.org> To: Joey Kelly <joey@joeykelly.net> Cc: freebsd-security@freebsd.org, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd Message-ID: <CAPyFy2BzY=uBaHZS492fpqvo8XPcj3Z-wc45RLbeJw89ncq8dg@mail.gmail.com> In-Reply-To: <4627295.A1yGqSNMk2@deborah> References: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com> <4627295.A1yGqSNMk2@deborah>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 14 Feb 2020 at 15:27, Joey Kelly <joey@joeykelly.net> wrote: > > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: > > Upstream OpenSSH-portable removed libwrap support in version 6.7, > > released in October 2014. We've maintained a patch in our tree to > > restore it, but it causes friction on each OpenSSH update and may > > introduce security vulnerabilities not present upstream. It's (past) > > time to remove it. > > So color me ignorant, but how does this affect things like DenyHosts? It's independent of denyhosts, fail2ban, blacklistd and similar. TCP wrappers is configured using /etc/hosts.allow and /etc/hosts.deny.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2BzY=uBaHZS492fpqvo8XPcj3Z-wc45RLbeJw89ncq8dg>