Maybe it's time to get rid of tcpwrappers/tcpd?

Stephen John Smoogen smooge at gmail.com
Thu Mar 20 20:55:11 UTC 2014


On 20 March 2014 13:55, Hans de Goede <hdegoede at redhat.com> wrote:

> Hi,
>
> On 03/20/2014 07:45 PM, Lennart Poettering wrote:
> > On Thu, 20.03.14 14:31, Martin Langhoff (martin.langhoff at gmail.com) wrote:
> >
> >> On Thu, Mar 20, 2014 at 1:34 PM, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> >>
> >>> I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
> >>> Fedora. There has been a request in systemd upstream to disable support
> >>>
> >>
> >> As Stephen points out, they are used. Does systemd+xinetd match their
> >> functionality?
> >
> > No. systemd is not a firewall. It currently supports libwrap checks for
> > socket activated services. And I'd really like to get rid of that...
> >
> > I have no doubt that some people use them, however I am also pretty sure
> > that they are massively awful, and not worth the trouble, and that I'd
> > prefer not to see this crap in the default install. However, since the
> > library is currently hooked into a lot of services (starting with
> > systemd itself) I currently cannot do "rpm -e".
> >
> > I mean, I really don't mind that tcpd/tcpwrap stays in the archives, if
> > people want to make use of that. I am simply proposing to not link
> > against them anymore for everything that is in the default system.
>
> So as an innocent bystander who happens to be reading along this thread,
> I see 2 sides to the story here:
>
> Lennart says:
> 1) It is horrible code
> 2) It really really is horrible horrible code
> 3) And there are other ways to achieve the same goal, so let's kill it
>
> Others say:
> 1) There may be other ways but none so easily centrally managed with
> a unified syntax for all services
>
> The argument which the others are making actually sounds a lot like
> a lot of the arguments in favor of systemd (wrt standardizing, etc.).
>
> And I'm getting the feeling that Lennart is not as much opposed to the
> functionality of tcp-wrappers, as that he *really* hates the code.
>
> So maybe a solution would be to write a libwrap2 instead ?
>
> So offer something with equivalent functionality (and config file
> syntax compatibility), with a nice modern clean API and then systemd
> and others can be moved over to that 1 by 1, and once we've no more
> users left we can kill off the old beast ?
>
> Note I've nothing to do with anything in this discussion, but I
> just noticed a certain trend in it and I hope the above may lead
> to a more fruitful discussion.
>

Yes I agree Hans. I think this is the rational and correct course. I also
realize that it isn't Lennart's job to do so even if I wish he would.


-- 
Stephen J Smoogen.