src/libexec/tcpd doesn't work correctly with -DPROCESS_OPTIONS

Scot W. Hetzel hetzels at westbend.net
Sat Jul 5 12:18:07 PDT 2003


From: "Vincent Poy" <vince at oahu.WURLDLINK.NET>
> Any ideas?
>
>
According to the inetd man page:

   TCP Wrappers
     When given the -w option, inetd will wrap all services specified as
     ``stream nowait'' or ``dgram'' except for ``internal'' services.  If the
     -W option is given, such ``internal'' services will be wrapped.  If both
     options are given, wrapping for both internal and external services will
     be enabled.  Either wrapping option will cause failed connections to be
     logged to the ``auth'' syslog facility.  Adding the -l flag to the
     wrapping options will include successful connections in the logging to
     the ``auth'' facility.
:
     When wrapping is enabled, the tcpd daemon is not required, as that
     functionality is builtin. .....

Also, /etc/defaults/rc.conf shows that inetd_flags has both '-w' and '-W'
flags set.  If you are using the default flags to inetd, then you don't need
to use tcpd to wrap your telnetd session.

Did you change your inetd_flags?

I just tested the builtin tcp_wrappers in inetd, and had no problem with
adding a banner to my ftpd and telnetd daemons without using the tcpd
daemon.  But, when I changed the service to:

ftp     stream  tcp     nowait  root    /usr/libexec/tcpd       ftpd -l

and then killed -HUP the inetd process, the inetd process wanted the banner
file to be called 'tcpd' instead of 'ftpd'.

I also killed inetd, and started it with no flags.  But when I connected to
the ftpd process, tcpd didn't display the banner (both tcpd and ftpd banner
files were installed into the banner directory).

So it looks like tcpd is broken when it comes to displaying banners.

I suggest you use inetd's builtin TCP Wrappers support, and forget using
tcpd.

Scot
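
Added example, not part of the original message: a small audit that applies the -w/-W rule from the man page excerpt quoted above to an inetd.conf and reports, per service, whether it is wrapped by inetd's builtin support, by /usr/libexec/tcpd, by both, or by neither. The sample configuration, the function names and the status labels are constructed for illustration.

```python
TCPD = "/usr/libexec/tcpd"  # wrapper path as it appears in the message above

def flag_letters(inetd_flags):
    """Collect option letters from an inetd_flags string such as '-wW' or '-w -W -l'."""
    return {c for tok in inetd_flags.split() if tok.startswith("-") for c in tok[1:]}

def builtin_wraps(socktype, wait, server, letters):
    """Rule from the quoted man page text: -w wraps 'stream nowait' and
    'dgram' external services, -W wraps 'internal' services."""
    if server == "internal":
        return "W" in letters
    nowait_stream = socktype == "stream" and wait.split("/")[0] == "nowait"
    return "w" in letters and (nowait_stream or socktype == "dgram")

def audit(conf_text, inetd_flags):
    """Return {'service/proto': status} for every active inetd.conf entry."""
    letters = flag_letters(inetd_flags)
    report = {}
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue  # blank, commented-out or malformed entry
        service, socktype, proto, wait, _user, server = fields[:6]
        by_inetd = builtin_wraps(socktype, wait, server, letters)
        by_tcpd = server == TCPD
        if by_inetd and by_tcpd:
            status = "double-wrapped"   # tcpd is redundant here
        elif by_inetd:
            status = "inetd-builtin"
        elif by_tcpd:
            status = "tcpd-only"
        else:
            status = "unwrapped"        # no access control or auth logging
        report[f"{service}/{proto}"] = status
    return report

# Constructed sample configuration (not taken from any real host).
SAMPLE = """\
ftp     stream  tcp     nowait  root    /usr/libexec/tcpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
daytime stream  tcp     nowait  root    internal
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
"""

if __name__ == "__main__":
    for flags in ("-wW", "-w", ""):
        print(repr(flags), audit(SAMPLE, flags))
```

A "double-wrapped" entry is the configuration tested in the message, and "unwrapped" entries are the ones that lose both access control and ``auth'' logging if inetd is started without wrapping flags.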





