From owner-cvs-all  Tue Jan 26 11:59:15 1999
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA22125
          for cvs-all-outgoing; Tue, 26 Jan 1999 11:59:15 -0800 (PST)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA22120;
          Tue, 26 Jan 1999 11:59:09 -0800 (PST)
          (envelope-from mark@grondar.za)
Received: from greenpeace.grondar.za (greenpeace.grondar.za [196.7.18.132])
	by gratis.grondar.za (8.9.2/8.9.2) with ESMTP id VAA73292;
	Tue, 26 Jan 1999 21:59:03 +0200 (SAST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by greenpeace.grondar.za (8.9.2/8.9.2) with ESMTP id VAA50856;
	Tue, 26 Jan 1999 21:59:02 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <199901261959.VAA50856@greenpeace.grondar.za>
To: Matthew Dillon <dillon@apollo.backplane.com>
cc: Poul-Henning Kamp <phk@critter.freebsd.dk>,
        Andreas Klemm <andreas@klemm.gtn.com>, Nate Williams <nate@mt.sri.com>,
        cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: Small, useful tools (Was: Re: 'cpdup' program, and question) 
In-Reply-To: Your message of " Tue, 26 Jan 1999 11:43:35 PST." <199901261943.LAA20994@apollo.backplane.com> 
References: <27224.917376396@critter.freebsd.dk> <199901261912.VAA50572@greenpeace.grondar.za> <199901261922.LAA20798@apollo.backplane.com> <199901261933.VAA50713@greenpeace.grondar.za>   <199901261943.LAA20994@apollo.backplane.com> 
Date: Tue, 26 Jan 1999 21:59:01 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

Matthew Dillon wrote:
> :What do you mean by that? If the OOB sendmail is linked against libwrap
> :but the default config files cause sendmail to behave exactly as it
> :does without wrappers, is that OK? Or do you object to it being linked
> :against libwrap in the first place?
> 
>     libwrap is ok, at least to a point.  

Agreed. Wrappers are not a panacea, just useful.

>     I've seen people throw in the kitchen sink using tcp wrappers and 
>     create more problems for their systems then they've solved.  It is
>     fairly easy, for example, to attack a system running tcp wrappers
>     which does reverse-ident authentication.  I don't mind something like
>     sendmail doing it - I think that's a good feature, but some people
>     just go completely bonkers with tcp wrappers.

Sure - like with anything. I propose that the initial configs be
conservative (and educational in the comments). After that, if the
luser screws it up, he's on his own.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message