src/libexec/tcpd doesn't work correctly with -DPROCESS_OPTIONS
vince at oahu.WURLDLINK.NET
Sat Jul 5 13:40:47 PDT 2003
On Sat, 5 Jul 2003, Scot W. Hetzel wrote:
> From: "Vincent Poy" <vince at oahu.WURLDLINK.NET>
> > Any ideas?
> According to the inetd man page:
> TCP Wrappers
> When given the -w option, inetd will wrap all services specified as
> ``stream nowait'' or ``dgram'' except for ``internal'' services. If the
> -W option is given, such ``internal'' services will be wrapped. If both
> options are given, wrapping for both internal and external services will
> be enabled. Either wrapping option will cause failed connections to be
> logged to the ``auth'' syslog facility. Adding the -l flag to the
> wrapping options will include successful connections in the logging to the
> ``auth'' facility.
> When wrapping is enabled, the tcpd daemon is not required, as that
> functionality is builtin. .....
> Also, /etc/defaults/rc.conf shows that inetd_flags has both '-w' and '-W'
> flags set. If you are using the default flags to inetd, then you don't need
> to use tcpd to wrap your telnetd session.
> Did you change your inetd_flags?
Nope, I have the -wW by default. I never knew inetd had builtin
wrappers but in that case, then it might be better but I remembered
tcp_wrappers was implemented into the base system and I thought it was in
tcpd since that binary is part of the world build process installation.
> I just tested the builtin tcp_wrappers in inetd, and had no problem with
> adding a banner to my ftpd and telnetd daemons without using the tcpd
> daemon. But, when I changed the service to:
> ftp stream tcp nowait root /usr/libexec/tcpd ftpd -l
> and then killed -HUP the inetd process, the inetd process wanted the banner
> file to be called 'tcpd' instead of 'ftpd'.
Actually, it's working correctly for me with the ftpd name. This
is my /etc/inetd.conf for the ftpd line:
ftp stream tcp nowait root /usr/libexec/ftpd /usr/libexec/ftpd -l
This is what the hosts.allow line looks like:
telnetd,ftpd,rshd,rlogind : 208.201.244. : rfc931 : banners /etc/banners
This is my /etc/banners listing:
root at bigbang [1:33pm][/usr/local/sbin] >> dir /etc/banners
drwxr-xr-x 3 root wheel - 512 Sep 7 2002 .
drwxr-xr-x 18 root wheel - 3072 Jul 5 11:59 ..
-rw-r--r-- 1 root wheel - 2026 Dec 12 1996 Makefile
drwxr-xr-x 2 root wheel - 512 Sep 6 2002 deny
-rw-r--r-- 1 root wheel - 712 Sep 6 2002 deny.telnetd
-rw-r--r-- 1 root wheel - 219 Sep 6 2002 fingerd
-rw-r--r-- 1 root wheel - 215 Dec 15 1996 fingerd.bak
-rw-r--r-- 1 root wheel - 1289 Dec 13 1996 fingerd.old
-rw-r--r-- 1 root wheel - 634 Sep 6 2002 ftpd
-rwxr-xr-x 1 root wheel - 8192 Dec 12 1996 nul
-rw-r--r-- 1 root wheel - 582 Sep 6 2002 prototype
-rw-r--r-- 1 root wheel - 1289 Dec 16 1996 prototype.old
-rw-r--r-- 1 root wheel - 0 Sep 6 2002 rlogind
-rw-r--r-- 1 root wheel - 582 Sep 6 2002 rshd
-rw-r--r-- 1 root wheel - 557 Sep 7 2002 sshd
-rw-r--r-- 1 root wheel - 582 Sep 6 2002 telnetd
The only thing is that for IPs not defined, it would go straight
to the ftp login prompt and not deny access, I thought deny was default
for anything not defined?
> I also killed inetd, and started it with no flags. But when I connected to
> the ftpd process, tcpd didn't display the banner (both tcpd and ftpd banner
> files were installed into the banner directory).
Yep, same here.
> So it looks like tcpd is broken when it comes to displaying banners.
So it wasn't my imagination. :-) I wonder if there are actually
any differences between the tcp_wrappers in inetd and the one in tcpd or
is the inetd just the tcpd stuff all integrated and improved.
> I suggest you use inetd's builtin TCP Wrappers support, and forget using
That's a good idea since I probably won't remember to fix tcpd if
there is a fix on each cvsup and then buildworld.
Vince - vince at WURLDLINK.NET - Vice President ________ __ ____
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ]
WurldLink Corporation / / / / | / | __] ]
San Francisco - Honolulu - Hong Kong / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Almighty1 at IRC - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin
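The following is an added example, not part of the original message or of the FreeBSD sources: a simplified model of hosts_access(5) first-match evaluation with hosts_options(5) syntax, run over the hosts.allow line quoted above. The function names, the client addresses and the appended catch-all rule are constructed for illustration; hosts.deny is assumed to be empty.

```python
# Added example: simplified model of hosts_access(5) evaluation for a
# hosts.allow file written in hosts_options(5) syntax (-DPROCESS_OPTIONS).
# Models only ALL, exact addresses and trailing-dot address prefixes.
# Assumes hosts.deny is empty and that no pattern contains ':' or EXCEPT.
import re

# Rule quoted in the message, then the same file with a constructed
# catch-all deny rule appended as the last line.
POSTED = "telnetd,ftpd,rshd,rlogind : 208.201.244. : rfc931 : banners /etc/banners\n"
HARDENED = POSTED + "ALL : ALL : deny\n"

def parse_rules(text):
    """Yield (daemons, clients, options) for each rule line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # not a daemon_list : client_list rule
        yield (re.split(r"[,\s]+", fields[0]),
               re.split(r"[,\s]+", fields[1]),
               fields[2:])

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "208.201.244." matches by leading fields
        return addr.startswith(pattern)
    return pattern == addr

def check_access(rules_text, daemon, addr):
    """Return (verdict, index of the matching rule or None)."""
    for i, (daemons, clients, options) in enumerate(parse_rules(rules_text)):
        if daemon not in daemons and "ALL" not in daemons:
            continue
        if not any(client_matches(p, addr) for p in clients):
            continue
        # allow/deny, when present, is the last option; the default is allow.
        verdict = "deny" if options and options[-1] == "deny" else "allow"
        return verdict, i
    # No rule matched and hosts.deny is empty: access is granted.
    return "allow", None

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("hardened", HARDENED)):
        for addr in ("208.201.244.10", "192.0.2.7"):  # constructed clients
            print(name, addr, check_access(rules, "ftpd", addr))
```

A client outside 208.201.244. matches no rule in the posted file and falls through to the grant at the end of the search, which is why it reaches the ftp login prompt; only an explicit final deny rule changes that.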