From owner-freebsd-security Tue Jan 23 00:10:14 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA13535 for security-outgoing; Tue, 23 Jan 1996 00:10:14 -0800 (PST)
Received: from fire.stf.org.sg (jseng@fire.stf.org.sg [137.132.19.134]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id AAA13415 for ; Tue, 23 Jan 1996 00:09:13 -0800 (PST)
Received: (from jseng@localhost) by fire.stf.org.sg (8.6.12/8.6.9) id QAA15948; Tue, 23 Jan 1996 16:08:07 +0800
Date: Tue, 23 Jan 1996 16:08:06 +0800 (SGT)
From: James Seng
To: Mark Murray
cc: Nathan Lawson, security@FreeBSD.ORG
Subject: Re: Ownership of files/tcp_wrappers port
In-Reply-To: <199601230627.IAA25371@grumble.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

On Tue, 23 Jan 1996, Mark Murray wrote:

> I think this is a damn fine idea. Seconded. Any ISP who does not have
> wrappers, and any user who does not consider their use when connecting
> to the 'net has a serious problem.

Pardon me, but I think otherwise.

tcp_wrapper is a fine product. libwrap.a is good to use and could possibly go into the /usr/src/lib path. But tcp_wrapper itself shouldn't come by default.

There are a few reasons; mainly, there are a few ways in which tcp_wrapper could be compiled (-DPARANOID, -DRFC931, etc.) which could all affect the behavior of the system and performance. Some sites which don't run identd might find it worthwhile to turn off reverse auth. Some sites which run machines behind a firewall may not even be interested in tcpd.

Just remember that it being a good security tool doesn't mean everyone would be interested in using it, for some reasons. And there are too many varieties of tcpd, and I believe each site should customise tcpd to their need.

Just some food for thought.

-James Seng (jseng@stf.org.sg)