Date: Wed, 28 Jul 1999 20:02:59 +0300
From: Yiorgos Adamopoulos <adamo@dblab.ece.ntua.gr>
To: Seth <seth@freebie.dp.ny.frb.org>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: tcpd, inetd, and hosts.[allow|deny]
Message-ID: <19990728200259.A60026@dblab.ece.ntua.gr>
In-Reply-To: <Pine.BSF.4.10.9907281120500.2516-100000@freebie.dp.ny.frb.org>; from Seth on Wed, Jul 28, 1999 at 11:21:22AM -0400
References: <Pine.BSF.4.10.9907281120500.2516-100000@freebie.dp.ny.frb.org>

On Wed, Jul 28, 1999 at 11:21:22AM -0400, Seth wrote:
> Somewhere along the line (as far as I can tell, somewhere between
> 3.1-RELEASE and 3.2-STABLE of 6/20), the directories that
> /usr/sbin/tcpdmatch uses to check for tcpd access files changed from
> /usr/local/etc to /etc. However, tcpd (NOT installed as part of the
> distribution) uses access files in /usr/local/etc. This inconsistency
> means that some users who rely on /usr/sbin/tcpdmatch to check security
> will get false results, as modern builds (but prior to 7/21) of
> /usr/sbin/tcpdmatch will check /etc as opposed to /usr/local/etc.
> /usr/local/sbin/tcpdmatch, installed with tcpd, checks /usr/local/etc
> correctly.

Peculiar though it may seem, I would call this expected behaviour. Why?
tcpd is installed from /usr/ports/security/tcp_wrappers, right? So it uses
/usr/local/etc/hosts.{allow,deny} and /usr/local/sbin/tcpdmatch is installed
*with* tcpd from the ports collection.

OTOH, /usr/sbin/tcpdmatch is installed on the *system* (read make World) and
checks /etc/hosts.{allow,deny} since this is what the tcp_wrappers aware inetd
uses (and you need a tcpdmatch to check these, right?).

But if you have tcpd capability in inetd, why do you now need to explicitly
install tcpd? (That is if you run the FreeBSD inetd).

--
ieee.org!adamo
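
Added example, not part of the original message or of FreeBSD's own tools: a shell check for the mismatch discussed in this thread, comparing the effective rules in /etc/hosts.{allow,deny} with those in /usr/local/etc/hosts.{allow,deny}. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
normalize() {  # print the effective rules of file $1, keeping their order
    awk '
        { line = buf $0; buf = "" }
        line ~ /\\$/ { sub(/\\$/, "", line); buf = line; next }  # backslash continuation
        { gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line) }
        line != "" && line !~ /^#/ { print line }                # drop blanks and comments
    ' "$1"
}

compare_rules() {  # $1 = filesystem root, $2 = hosts.allow or hosts.deny
    base="$1/etc/$2"; loc="$1/usr/local/etc/$2"
    if [ -f "$base" ] && [ -f "$loc" ]; then
        # Rule order matters (first match wins), so compare without sorting.
        if [ "$(normalize "$base")" = "$(normalize "$loc")" ]; then
            echo same
        else
            echo differ
        fi
    elif [ -f "$base" ]; then echo only-etc
    elif [ -f "$loc" ]; then echo only-local
    else echo none
    fi
}

audit_wrappers() {  # $1 = root to inspect (empty means the live system)
    root="${1:-}"; rc=0
    for f in hosts.allow hosts.deny; do
        state=$(compare_rules "$root" "$f")
        echo "$f: $state"
        case $state in same|none) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample tree: the two directories carry different rules,
# the situation this thread describes.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/usr/local/etc"
printf 'ALL : ALL : allow\n' > "$demo/etc/hosts.allow"
printf '# site policy\nsshd : 192.0.2.0/255.255.255.0 : allow\nALL : ALL : deny\n' \
    > "$demo/usr/local/etc/hosts.allow"
audit_wrappers "$demo" || echo "rule sets disagree: the two tcpdmatch binaries may answer differently"
rm -rf "$demo"
```

A non-zero return from audit_wrappers means the two locations do not hold the same rules, so a tcpdmatch result is only meaningful for the component that reads the same directory.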
