Re: Maybe it's time to get rid of tcpwrappers/tcpd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2014-03-20 20:55 GMT+01:00 Hans de Goede <hdegoede@xxxxxxxxxx>:
Lennart says:
1) It is horrible code
2) It really really is horrible horrible code
3) And there are other ways to achieve the same goal, so lets kill it

Others say:
1) There may be other ways but non so easily central managed with with
a unified syntax for all services

Yes.  It's notable that almost every widely-used network server that doesn't use tcp_wrappers has needed to add a very similar set of options; so we shouldn't expect that tcp_wrappers were removed users would stop using or asking for that kind of functionality.

Centralizing the language, semantics and implementation is clearly a better UI and better design.  Not only for the common case of "the same option has a different name in the other daemon", but also for the corner cases like error behavior where various independent implementations differ in surprising ways.  Such surprises are great starting points for attackers looking to bypass policy.

From the users' POV, moving from tcp_wrappers to per-daemon configuration is a clear step backwards.  If the implementers' POV differs, that's a reason to change the implementation, not to discard the feature.
    Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux