27 Aug
2001
27 Aug
'01
12:51 a.m.
On Sun, 26 Aug 2001, Philip S Tellis spewed into the ether: <snip>
Actually, you can compile xinetd with libwrap, and on redhat systems, it is by default. Xinetd also allows you to call tcpd with a program name.
Not on RH 7.1, IIRC.
<snip>
sendmail can be compiled with libwrap, ssh too. On RH7.1, sendmail is compiled with libwrap. Many other daemons are also compiled with libwrap.
Daemons compiled with libwrap can parse the hosts.[allow|deny] files, but the actual denial has to be done by those executables. The original concept of tcp-wrappers was to defend the program by stopping the remote machine from being able to start the vulnerable daemon itself. This means that the protection offered by tcpd is lost.
Devdas Bhagat
--
Once a word has been allowed to escape, it cannot be recalled.
-- Quintus Horatius Flaccus (Horace)