Re: Maybe it's time to get rid of tcpwrappers/tcpd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2014-03-20 18:59 GMT+01:00 Paul Wouters <paul@xxxxxxxxx>:
On Thu, 20 Mar 2014, Lennart Poettering wrote:

I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora.

I'd be happy to see those go.

Those who depend on it though, should see some "failed closed"
behaviour, so their service does not suddenly become more exposed.

Wouldn't failing closed essentially involve keeping libwrap, keeping all the callers, keeping the existing parser, only ignoring most of the rule and treating any rule matching the daemon name as DENY?  At that point we might just as well keep the non-controversially-safe functionality like IP checks working.
    Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux