Re: Re-install libwrap in OpenSSH

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 20 May 2015 14:46:57 +0200
Peter Stuge <peter@xxxxxxxx> wrote:

> Stephan von Krawczynski wrote:
> > it is pretty obvious
> 
> I guess you're not only not subscribed to the development list, but
> you seem to also not have looked at the list archives.
> 
> You can only seem like a troll if you act as if you know best but
> in fact you are wrong. It's up to you whether you want to risk that
> of course, but it's dangerous for your case.

Are you already preparing for having no arguments?
 
> > _not_ replaceable by your match-statement.
> 
> This rhetoric makes it sound like it is very important for you to
> distance yourself from the OpenSSH developers. That may not be such
> a great strategy when you want someone to do something for you.
> 
> The rationale is that firewall rules can replace libwrap and that
> removing libwrap removes a significant attack surface exposed to the
> network.

Show me this as an example of your firewall skills and replace this
hosts.allow entry:

sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected me |
/bin/mail -s "hosts.allow entry XYZ" root) & : ALLOW


This is only an example code, of course.
 
> > somebody will fork the project for sure.
> 
> Go for it. I think uptake will be limited. I think your best bet will
> be for you to contribute modifications to your prefered distribution.

Negative. Wait and see.

> > you made the wrong decision. Please cc me in case as I am not
> > reading the list.
> 
> If you had been reading the list you would already have known
> everything I wrote in this email.
> 
> 
> //Peter

I saw the wrong outcome of it, and will reverse it.

-- 
Regards,
Stephan

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux