From owner-freebsd-security@FreeBSD.ORG Sat Sep 25 09:59:33 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EEEAA16A4CE for ; Sat, 25 Sep 2004 09:59:32 +0000 (GMT) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D60443D39 for ; Sat, 25 Sep 2004 09:59:32 +0000 (GMT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1] (may be forged))i8P9xOXM028606 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 25 Sep 2004 10:59:24 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)i8P9xNiL028605; Sat, 25 Sep 2004 10:59:23 +0100 (BST) (envelope-from matthew) Date: Sat, 25 Sep 2004 10:59:23 +0100 From: Matthew Seaman To: Derek Ragona Message-ID: <20040925095923.GC2060@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Derek Ragona , Alex de Kruijff , Chris Orr , freebsd-security@freebsd.org References: <6.0.0.22.2.20040924170902.01feb948@mail.computinginnovations.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="7qSK/uQB79J36Y4o" Content-Disposition: inline In-Reply-To: <6.0.0.22.2.20040924170902.01feb948@mail.computinginnovations.com> User-Agent: Mutt/1.4.2.1i X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.5.6 (smtp.infracaninophile.co.uk [IPv6:::1]); Sat, 25 Sep 2004 10:59:24 +0100 (BST) X-Virus-Scanned: clamd / ClamAV version devel-20040904, clamav-milter version 0.75l on smtp.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-security@freebsd.org Subject: Re: ssh security X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Sep 2004 09:59:33 -0000 --7qSK/uQB79J36Y4o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 24, 2004 at 05:09:05PM -0500, Derek Ragona wrote: =20 > I guess I am asking are the tcp wrappers enabled in the default base=20 > system? If the wrappers are not enabled, do I need to build world with= =20 > some special compile option? Look at /usr/src/secure/usr.sbin/sshd/Makefile where it says: LDADD+=3D -lssh -lcrypt -lcrypto -lutil -lz -lwrap ${MINUSLPAM} ^^^^^ Conclusion: tcp-wrappers are enabled by default in the sshd(8) built by the base system. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --7qSK/uQB79J36Y4o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBVUF7iD657aJF7eIRAkZBAJ9pO9VeXC67RJOLY9HgBA4EyXKFpQCgtP6S wvNBVPnSEsyYUkjk+sV5pbc= =tmSs -----END PGP SIGNATURE----- --7qSK/uQB79J36Y4o--