src/libexec/tcpd doesn't work correctly with -DPROCESS_OPTIONS

Scot W. Hetzel hetzels at westbend.net
Fri Jul 4 17:00:48 PDT 2003


From: "Vincent Poy" <vince at oahu.WURLDLINK.NET>
> In -CURRENT, /usr/src/libexec/tcpd, the Makefile doesn't have
> -DPROCESS_OPTIONS needed which in hosts_access(5) manpage, allows things
> such as banners for the tcp_wrappers to be working.
>

> So in the /usr/src/libexec/tcpd/Makefile, I added
> -DPROCESS_OPTIONS
>
> CFLAGS+=-DREAL_DAEMON_DIR=\"/usr/libexec\" \
>         -DSEVERITY=LOG_INFO -DRFC931_TIMEOUT=10 \
>         -DHOSTS_DENY=\"/etc/hosts.deny\"
>         -DHOSTS_ALLOW=\"/etc/hosts.allow\" \
>         -DFACILITY=LOG_DAEMON \
>         -DPROCESS_OPTIONS
>
> However, the -DPROCESS_OPTIONS seems to have no effect after I
> replaced the tcpd and restarted inetd.   When one telnets, it just goes
> to telnetd directly without going through the banners even though it
> denies access to those not defined in /etc/hosts.allow:
>
You only enabled 1/3 of the source to use PROCESS_OPTIONS, you also need to
add the option to libwrap (lib/libwrap) and tcpdchk (src/usr.sbin/tcpdchk).

Scot



More information about the freebsd-current mailing list