Date: Wed, 28 Jul 1999 20:02:59 +0300
From: Yiorgos Adamopoulos
To: Seth
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: tcpd, inetd, and hosts.[allow|deny]
Message-ID: <19990728200259.A60026@dblab.ece.ntua.gr>

On Wed, Jul 28, 1999 at 11:21:22AM -0400, Seth wrote:
> Somewhere along the line (as far as I can tell, somewhere between
> 3.1-RELEASE and 3.2-STABLE of 6/20), the directories that
> /usr/sbin/tcpdmatch uses to check for tcpd access files changed from
> /usr/local/etc to /etc. However, tcpd (NOT installed as part of the
> distribution) uses access files in /usr/local/etc. This inconsistency
> means that some users who rely on /usr/sbin/tcpdmatch to check security
> will get false results, as modern builds (but prior to 7/21) of
> /usr/sbin/tcpdmatch will check /etc as opposed to /usr/local/etc.
> /usr/local/sbin/tcpdmatch, installed with tcpd, checks /usr/local/etc
> correctly.

Peculiar though it may seem, I would call this expected behaviour. Why?

tcpd is installed from /usr/ports/security/tcp_wrappers, right? So it uses
/usr/local/etc/hosts.{allow,deny} and /usr/local/sbin/tcpdmatch is installed
*with* tcpd from the ports collection.

OTOH, /usr/sbin/tcpdmatch is installed on the *system* (read make World) and
checks /etc/hosts.{allow,deny} since this is what the tcp_wrappers-aware inetd
uses (and you need a tcpdmatch to check these, right?).

But if you have tcpd capability in inetd, why do you now need to explicitly
install tcpd? (That is, if you run the FreeBSD inetd.)

--
ieee.org!adamo
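
The thread above turns on two sets of access files, one read by the base-system inetd and /usr/sbin/tcpdmatch and one read by the ports tcpd. The script below is an added example, not part of the original message: it reports which of hosts.allow and hosts.deny carry different effective rules in two directories. The function names are hypothetical and the directories are passed as arguments (on the system discussed they would be /etc and /usr/local/etc).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the effective rules of one access file: join lines continued with a
# trailing backslash, drop blank lines and '#' comment lines. A missing file
# yields no rules, which is how tcp_wrappers treats it.
effective_rules() {
    [ -f "$1" ] || return 0
    awk '{ line = buf $0; buf = "" }
         /\\$/ { sub(/\\$/, "", line); buf = line; next }
         line !~ /^#/ && line !~ /^[ \t]*$/ { print line }' "$1"
}

# Print each access file whose effective rules differ between the directory
# read by the base-system tools and the one read by the ports tcpd.
# Returns 1 if any file differs, 0 if both rule sets agree.
compare_access_dirs() {
    sys_dir=$1; ports_dir=$2; differ=0
    for f in hosts.allow hosts.deny; do
        if [ "$(effective_rules "$sys_dir/$f")" != "$(effective_rules "$ports_dir/$f")" ]; then
            echo "$f"
            differ=1
        fi
    done
    return "$differ"
}

# Constructed sample: both hosts.allow files carry the same rule (one of them
# with a comment and a continuation line); only the second directory has a
# hosts.deny.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/etc" "$tmp/local"
    printf 'ftpd: 192.0.2.0/255.255.255.0\n' > "$tmp/etc/hosts.allow"
    printf '# ftp access\nftpd: \\\n192.0.2.0/255.255.255.0\n' > "$tmp/local/hosts.allow"
    printf 'ALL: ALL\n' > "$tmp/local/hosts.deny"
    compare_access_dirs "$tmp/etc" "$tmp/local"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "access files differ between the two directories"
```

A file name in the output means a tcpdmatch result obtained against one directory does not describe the policy enforced from the other.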