Maybe it's time to get rid of tcpwrappers/tcpd?
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Thu Mar 20 19:58:39 UTC 2014
On 03/20/2014 01:55 PM, Hans de Goede wrote:
> Hi,
>
> On 03/20/2014 07:45 PM, Lennart Poettering wrote:
>> On Thu, 20.03.14 14:31, Martin Langhoff
>> (martin.langhoff at gmail.com) wrote:
>>
>>> On Thu, Mar 20, 2014 at 1:34 PM, Lennart Poettering
>>> <mzerqung at 0pointer.de> wrote:
>>>
>>>> I wonder whether it wouldn't be time to say goodbye to
>>>> tcpwrappers in Fedora. There has been a request in systemd
>>>> upstream to disable support
>>>>
>>>
>>> As Stephen points out, they are used. Does systemd+xinetd match
>>> their functionality?
>>
>> No. systemd is not a firewall. It currently supports libwrap
>> checks for socket activated services. And I'd really like to get
>> rid of that...
>>
>> I have no doubt that some people use them, however I am also
>> pretty sure that they are massively awful, and not worth the
>> trouble, and that I'd prefer not to see this crap in the default
>> install. However, since the library is currently hooked into a
>> lot of services (starting with systemd itself) I currently cannot
>> do "rpm -e".
>>
>> I mean, I really don't mind that tcpd/tcpwrap stays in the
>> archives, if people want to make use of that. I am simply
>> proposing to not link against them anymore for everything that is
>> in the default system.
>
> So as an innocent bystander who happens to be reading along this
> thread, I see 2 sides to the story here:
>
> Lennart says: 1) It is horrible code 2) It really really is
> horrible horrible code 3) And there are other ways to achieve the
> same goal, so let's kill it
>
> Others say: 1) There may be other ways but none so easily centrally
> managed with a unified syntax for all services
>
> The argument which the others are making actually sounds a lot
> like a lot of the arguments in favor of systemd (wrt standardizing,
> etc.).
>
> And I'm getting the feeling that Lennart is not as much opposed to
> the functionality of tcp-wrappers, as that he *really* hates the
> code.
>
> So maybe a solution would be to write a libwrap2 instead ?
>
> So offer something with equivalent functionality (and config file
> syntax compatibility), with a nice modern clean API and then
> systemd and others can be moved over to that 1 by 1, and once we've
> no more users left we can kill off the old beast ?
>
> Note I've nothing to do with anything in this discussion, but I
> just noticed a certain trend in it and I hope the above may lead to
> a more fruitful discussion.
>
> Regards,
>
> Hans
>
Hans,
Now that is just too entirely rational ;).
This sounds like a wonderful solution, but someone has to be willing
to write the thing.
-Erinn