Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Jul 1999 11:00:50 -0400 (EDT)
From:      Seth <seth@freebie.dp.ny.frb.org>
To:        sheldonh@FreeBSD.org
Cc:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/12819: tcpd hosts.[allow|deny] location inconsistent
Message-ID:  <Pine.BSF.4.10.9907271054530.4341-100000@freebie.dp.ny.frb.org>
In-Reply-To: <199907271000.DAA82812@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for providing a resolution so quickly.  I have to object, however,
to the implication that I misclassified the severity of this problem.  In
my opinion, if your standard tests (tcpdmatch, etc.) tell you that your
system is denying certain connections, when in fact these connections are
being allowed, you've got a pretty serious security issue.

I installed tcp_wrapper prior to upgrading to 3.2-STABLE, so I'm still
running it the "old" way.  I imagine others are as well.  It's important
to get the word out that the "new" way requires that the
hosts.[allow|deny] files be placed in separate directories.

I'm currently running
3.2-STABLE FreeBSD 3.2-STABLE #4: Fri Jun 11 18:13:14 EDT 1999

with sources built from CTM up to Jun 11, and I had this problem.

Finally, if you go through my previous send-pr's, I think you'll find that
I've always erred on the conservative side when estimating the level of
severity.  I hope you'll agree after reading this that the classification
I submitted was, in retrospect, a fair one.


Thanks again for looking at this issue so quickly.  Is there a fix for
it?

Seth.

On Tue, 27 Jul 1999 sheldonh@FreeBSD.org wrote:

> Synopsis: tcpd hosts.[allow|deny] location inconsistent
> 
> State-Changed-From-To: open->closed
> State-Changed-By: sheldonh
> State-Changed-When: Tue Jul 27 02:56:50 PDT 1999
> State-Changed-Why: 
> The tcpd program is not distributed with FreeBSD as part of the base
> system, since its functionality is built into inetd. It's part of
> the tcp_wrappers port, which you don't need on 3.2-STABLE. Update
> to a recent 3.2-STABLE and check the inetd(8) manpage.
> 
> As an aside, please try to provide realistic Severity fields for your
> PR's. :-)
> 
> Thanks,
> Sheldon.
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907271054530.4341-100000>