Date: Tue, 23 Jan 1996 10:12:30 +0200 From: Mark Murray <mark@grondar.za> To: James Seng <jseng@stf.org.sg> Cc: Mark Murray <mark@grondar.za>, Nathan Lawson <nlawson@statler.csc.calpoly.edu>, security@FreeBSD.ORG Subject: Re: Ownership of files/tcp_wrappers port Message-ID: <199601230812.KAA00547@grumble.grondar.za>
next in thread | raw e-mail | index | archive | help
James Seng wrote: > On Tue, 23 Jan 1996, Mark Murray wrote: > > I think this is a damn fine idea. Seconded. Any ISP who does not have > > wrappers, and any user who does not consider their use when connecting > > to the 'net has a serious problem. > > Pardon me, but i think otherwise. > > tcp_wrapper is a fine product. libwrap.a is good to use and could > possibly go into the /usr/src/lib path. But tcp_wrapper as itself > shouldnt come by default. There are a few reasons, mainly, there are a > few ways which tcp_wrapper could be compile (-DPARANOID -DRFC931 etc) > which all could affect the behavior of the system and performance. Some > site which doesnt run identd might find it worthwhile to turn off reverse > auth. Some site which runs machine behind firewall may not be even > interested in tcpd. Just remember that it is a good security tools doesnt > means everyone would be interested to use it, for some reasons. And > there are too many varities of tcpd and i believe each site should > customise tcpd to their need. If you go through all the utils in FreeBSD, you will find _many_ that are seldom if ever used by some individuals. This does not mean they should not be there. TCP wrappers are ubiquitous enough IMO for them to be included. Many of our utilities have different ways they can be compiled. The trick is to choose the most general one, and fix the code if necessary. (I would quite like to see identd in there as well, but at a _MUCH_ lower priority.) M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 Finger mark@grondar.za for PGP key
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601230812.KAA00547>