On Sat, Mar 22, 2014 at 10:04:51AM +0000, "Jóhann B. Guðmundsson" wrote: > So here's the thing daemons and applications are inconsistent in > their support for libwrap like for example sshd supports it while > smbd does not which leads to incorrect configuration and > administrative expectation which in itself poses a security risk. That's an excellent point; inconsistency across the distribution is definitely points-off for tcp wrappers. > The only way administrator can figure out which daemon/service was > built with libwrap support, is via ldd/string grep magic since we as > an distribution have not provide them with a list which do support > it and which do not,nor do we have those component correctly depend > on libwrap.so.0. Can you point to an example of this? Since it is a compiled dynamic library, RPM's automatic dependency checking should get this. Try `repoquery --whatrequires tcp_wrappers-libs`. Speaking of inconsistency, I notice syslog-ng in that list but not rsyslogd. (And as previously noted, there's sendmail and exim, but not postfix.) -- Matthew Miller -- Fedora Project -- <mattdm@xxxxxxxxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
