Fedora tcp_wrappers (missing) support for custom acl scripts, aclexec
Lennart Poettering
mzerqung at 0pointer.de
Mon Jan 12 16:17:08 UTC 2015
On Sun, 11.01.15 21:29, Tomasz Torcz (tomek at pipebreaker.pl) wrote:
> On Sat, Jan 10, 2015 at 12:16:38AM +0200, Pasi Kärkkäinen wrote:
> > Hello,
> >
> > I recently noticed Debian/Ubuntu has had support for "aclexec" in tcp_wrappers via a custom patch since 2006,
> > so you can do this in /etc/hosts.allow or hosts.deny:
> >
> >
> > What do people feel about that? I'd like to see support for aclexec included in Fedora's tcp_wrappers package.
>
> Enhancing tcpwrappers isn't generally a way we are going:
> https://lists.fedoraproject.org/pipermail/devel/2014-March/196913.html
>
> Above discussions is only about proposal, no change was made. But I highly doubt
> any serious work on tcpwrappers will happen.
Well, we *did* drop tcpwrap support from systemd. It's not just OpenSSH
that is dropping it...
tcpwrap should really be removed. Having such crap, unmaintained code
responsible for security checks is completely backwards.
Lennart
--
Lennart Poettering, Red Hat
More information about the devel
mailing list