[2027] in linux-security and linux-alert archive
[linux-security] Re: Problem with TCP_wrappers
daemon@ATHENA.MIT.EDU (Jan Kasprzak)
Wed Aug 5 12:08:47 1998
To: Jan-Philip Velders <jpv@jvelders.tn.tudelft.nl>
Cc: linux-security@redhat.com
In-reply-to: Your message of "Wed, 05 Aug 1998 10:30:03 +0200."
<Pine.LNX.3.96.980805102226.960A-100000@jp-gp.vsi.nl>
Date: Wed, 05 Aug 1998 16:11:59 +0200
From: Jan Kasprzak <kas@informatics.muni.cz>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Jan-Philip Velders wrote:
[...]
: I'm using RH5.1 with tcp_wrappers 7.6.
[...]
: The tcp_wrappers also have a special compile-time-option which gives more
: functionality with all the rules, but then you have to combine all the rules
: into _one_ file "hosts.access" (I think!), and hosts.{allow,deny} don;t
: function. But it doesn't look like it's compiled that way
: (-DPROCESS_OPTIONS)...
I think tcp_wrappers 7.6 was built using -DPROCESS_OPTIONS.
At least the "twist" keyword works for me in hosts.{allow,deny}
(see the hosts_options(5) manpage). I don't know anything about the
hosts.access file, though.
When we are on this topic, I am still having problems with
the "setenv" keyword in the hosts.{allow,deny}. It simply does not
work for me. I have tried to use the "setenv" keyword for qmail's incoming
mail:
tcp-env: ALL@.local.domain : setenv RELAYCLIENT
The environment variable is not set for the tcp-env.
I have to change this line to the following:
tcp-env: ALL@.local.domain : twist /path/relayclient
where the /path/relayclient is the following script
#!/bin/bash
export RELAYCLIENT
/var/qmail/bin/tcp-env ... ...
It works, but gives me a "twist" syslog message for each connection.
On RH4.2 the tcp_wrappers' setenv worked OK. In 5.0 and 5.1 it does not
work.
-Yenya
--
\ Jan "Yenya" Kasprzak <kas at fi.muni.cz> http://www.fi.muni.cz/~kas/
\\ PGP: finger kas at aisa.fi.muni.cz 0D99A7FB206605D7 8B35FCDE05B18A5E //
\\\ Czech Linux Homepage: http://www.linux.cz/ ///
If there are race conditions in programs fix them. The "my programs suck fix
something else" mentality leads you to things like Java. -- Alan Cox
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null