Maybe it's time to get rid of tcpwrappers/tcpd?
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Thu Mar 20 18:11:27 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/20/2014 11:59 AM, Paul Wouters wrote:
> On Thu, 20 Mar 2014, Lennart Poettering wrote:
>
>> I wonder whether it wouldn't be time to say goodbye to
>> tcpwrappers in Fedora.
>
> I'd be happy to see those go.
>
> Those who depend on it though, should see some "failed closed"
> behaviour, so their service does not suddenly become more exposed.
>
> Paul
Yeah I am not sure you are going to be able to make a totally clean
cut, there are some of us out there who still use this and it works,
despite however much crap it is underneath the covers.
A fail closed would be a decent first step, but as I said dropping it
altogether without some mitigation would be a bad move I believe.
Just my two cents,
- -Erinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJTKy9KAAoJEFg7BmJL2iPOqhgH/AxzMlqVHGn2p2GBHkVsvDCY
jjtA7/GDiWWHaOWykKIPFsxu+SiULux1JbcIop0qIsWsb8wbeQjrC/9tMIpRPb5n
Zsx3Zpk4YfWabEjSuhSjIYBqkbhh/5OQNYHLmeaTMR6rd8/N9MMrwlrxBjRtSLlG
ghxQ3BcqCdVR4hdFdBGkaTi1MXxjxcXVpcoOK/1vU63r9VeTz0UMGpC7heXA3d1O
4cuFY2D9zvu4y78UEC8RqM/p4pv3b6dAmNmatAilc4tiCUgQUt03n2K1TUVctsc0
zvDmx+bFeu6A8RnRNGddkvSKrv/qG96qKHucQ1tLCNvcZ1sdeLkMvurSeq+Pdkw=
=/0ol
-----END PGP SIGNATURE-----
More information about the devel
mailing list