[2026] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Problem with TCP_wrappers

daemon@ATHENA.MIT.EDU (Jan-Philip Velders)
Wed Aug 5 05:02:02 1998

Date: Wed, 5 Aug 1998 10:30:03 +0200 (CEST)
From: Jan-Philip Velders <jpv@jvelders.tn.tudelft.nl>
To: linux-security@redhat.com
cc: jpv@aacc.nl
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

Hi,

I'm running into something weird here.
I'm using RH5.1 with tcp_wrappers 7.6.

The syntax for hosts.allow and hosts.deny is:
<service list> : <access list> [ : <shell_command> ]

Everything works when I _don't_ use the shell_command.
I used the _exact_ line as in the man-pages utilising "safe_finger" (comes
with tcp_wrappers), tcpdchk will break on it. And the tcp_wrappers will
"ignore" the line, in my test I used a default deny and opened up ftp to
all and put the safe_finger line in; result: I can't ftp to localhost or
from any other machine via TCP/IP...

Does anybody know if this is standard behaviour under RH5.1 ?
I do like to use the feature to log all the info tcp_wrappers can obtain
about the remote-side.
The tcp_wrappers also have a special compile-time-option which gives more
functionality with all the rules, but then you have to combine all the rules
into _one_ file "hosts.access" (I think!), and hosts.{allow,deny} don;t
function. But it doesn't look like it's compiled that way
(-DPROCESS_OPTIONS)...

Can somebody shine a light on this ?
Thanks in advance!

Greetings,
Jan-Philip Velders

<jpv@aacc.nl
<jpv@jvelders.tn.tudelft.nl>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Nederlandse Linux GebruikersGroep : http://www.nllgg.nl |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post