From owner-freebsd-security Tue Jan 23 00:18:21 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA14050 for security-outgoing; Tue, 23 Jan 1996 00:18:21 -0800 (PST)
Received: from grumble.grondar.za (root@grumble.grondar.za [196.7.18.130]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id AAA14041 for ; Tue, 23 Jan 1996 00:18:13 -0800 (PST)
Received: from localhost (mark@localhost [127.0.0.1]) by grumble.grondar.za (8.7.3/8.7.3) with SMTP id KAA00547; Tue, 23 Jan 1996 10:12:31 +0200 (SAT)
Message-Id: <199601230812.KAA00547@grumble.grondar.za>
X-Authentication-Warning: grumble.grondar.za: Host mark@localhost [127.0.0.1] didn't use HELO protocol
To: James Seng
cc: Mark Murray, Nathan Lawson, security@FreeBSD.ORG
Subject: Re: Ownership of files/tcp_wrappers port
Date: Tue, 23 Jan 1996 10:12:30 +0200
From: Mark Murray
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

James Seng wrote:
> On Tue, 23 Jan 1996, Mark Murray wrote:
> > I think this is a damn fine idea. Seconded. Any ISP who does not have
> > wrappers, and any user who does not consider their use when connecting
> > to the 'net has a serious problem.
>
> Pardon me, but I think otherwise.
>
> tcp_wrapper is a fine product. libwrap.a is good to use and could
> possibly go into the /usr/src/lib path. But tcp_wrapper as itself
> shouldn't come by default. There are a few reasons, mainly, there are a
> few ways in which tcp_wrapper could be compiled (-DPARANOID -DRFC931 etc)
> which all could affect the behavior of the system and performance. Some
> sites which don't run identd might find it worthwhile to turn off reverse
> auth. Some sites which run machines behind a firewall may not even be
> interested in tcpd. Just remember that its being a good security tool
> doesn't mean everyone would be interested to use it, for some reasons. And
> there are too many varieties of tcpd and I believe each site should
> customise tcpd to their need.

If you go through all the utils in FreeBSD, you will find _many_ that are
seldom if ever used by some individuals. This does not mean they should
not be there. TCP wrappers are ubiquitous enough IMO for them to be
included.

Many of our utilities have different ways they can be compiled. The trick
is to choose the most general one, and fix the code if necessary.

(I would quite like to see identd in there as well, but at a _MUCH_ lower
priority.)

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grondar.za for PGP key