Date: Wed, 28 Jul 1999 20:02:59 +0300 From: Yiorgos Adamopoulos <adamo@dblab.ece.ntua.gr> To: Seth <seth@freebie.dp.ny.frb.org> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: tcpd, inetd, and hosts.[allow|deny] Message-ID: <19990728200259.A60026@dblab.ece.ntua.gr> In-Reply-To: <Pine.BSF.4.10.9907281120500.2516-100000@freebie.dp.ny.frb.org>; from Seth on Wed, Jul 28, 1999 at 11:21:22AM -0400 References: <Pine.BSF.4.10.9907281120500.2516-100000@freebie.dp.ny.frb.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 28, 1999 at 11:21:22AM -0400, Seth wrote: > Somewhere along the line (as far as I can tell, somewhere between > 3.1-RELEASE and 3.2-STABLE of 6/20), the directories that > /usr/sbin/tcpdmatch uses to check for tcpd access files changed from > /usr/local/etc to /etc. However, tcpd (NOT installed as part of the > distribution) uses access files in /usr/local/etc. This inconsistency > means that some users who rely on /usr/sbin/tcpdmatch to check security > will get false results, as modern builds (but prior to 7/21) of > /usr/sbin/tcpdmatch will check /etc as opposed to /usr/local/etc. > /usr/local/sbin/tcpdmatch, installed with tcpd, checks /usr/local/etc > correctly. Peculiar though it may seem, I would call this expected behaviour. Why? tcpd is installed from /usr/ports/security/tcp_wrappers right? So it uses /usr/local/etc/hosts.{allow,deny} and /usr/local/sbin/tcpdmatch is installed *with* tcpd from the ports collection. OTOH, /usr/sbin/tcpdmatch in installed on the *system* (read make World) and checks /etc/hosts.{allow,deny} since this is what the tcp_wrappers aware inetd uses (and you need a tcpdmatch to check these, right?). But if you have tcpd capability in inetd, why do you now need to explicitly install tcpd? (That is if you run the FreeBSD inetd). -- ieee.org!adamo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990728200259.A60026>