
Re: tcpd weirdness



On 29-Sep-97 Mirek Kwasniak wrote:
>
>From man hosts_access(5):
>
>...
>       An extended version of  the  access  control  language  is
>       described in the hosts_options(5) document. The extensions
>       are turned on at  program  build  time  by  building  with
>       -DPROCESS_OPTIONS.
>...
>
>Mirek

Yes, I read that.  I suppose that is my question.  Was one version compiled
with that option and another not?

Actually, it is more than that: according to him, hosts_access rules would
fail; they HAD to be in hosts_options format.  I do not think that is possible.
I think the option is to recognize options rules or not and that it will ALWAYS
see the regular rules.  The key is the order in which they appear in the file.

If you have a 

daemon: ALL EXCEPT exceptions

rule and then put:

daemon: exception:      DENY

rule in place, it will never be matched because the first rule matches the
world. In other words, anything not in the exceptions is allowed and the search
progresses no further and never even looks at a hosts.deny file.

My suspicion is that he constructed his file improperly. Order is VERY
important in these rules and I did not have root access on his system to test
it.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
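
The first-match ordering described in the message above, as an added example that is not part of the original post and is not tcpd's own code. It is a simplified Python model of one rules file; the daemon name, host names and function names are constructed for illustration.

```python
# Simplified model of tcpd first-match evaluation over one rules file: literal
# names, leading-dot domains, ALL, one EXCEPT per list, optional ALLOW/DENY.

def host_matches(pattern, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):  # ".example.org" matches hosts in that domain
        return host.endswith(pattern)
    return pattern == host

def list_matches(tokens, name):
    """Evaluate 'a b EXCEPT c d': on the left side and not on the right side."""
    i = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    include, exclude = tokens[:i], tokens[i + 1:]
    return (any(host_matches(p, name) for p in include)
            and not any(host_matches(p, name) for p in exclude))

def parse_rule(line):
    fields = [f.strip() for f in line.split(":")]
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    # Assumption of this model: a rule with no third field grants access.
    verdict = fields[2].lower() if len(fields) > 2 and fields[2] else "allow"
    return daemons, clients, verdict

def evaluate(rules, daemon, host):
    """Return (verdict, rule number) for the FIRST matching rule.
    (None, None) means no rule matched; real tcpd would consult hosts.deny next."""
    for n, line in enumerate(rules, 1):
        daemons, clients, verdict = parse_rule(line)
        if list_matches(daemons, daemon) and list_matches(clients, host):
            return verdict, n
    return None, None

def shadowed_rules(rules, daemon, probe_hosts):
    """Rule numbers that decide the outcome for none of the probe hosts."""
    hit = {evaluate(rules, daemon, h)[1] for h in probe_hosts}
    return [n for n in range(1, len(rules) + 1) if n not in hit]

# Constructed sample: the daemon and host names are made up.
BROAD_FIRST = ["in.telnetd: ALL EXCEPT .untrusted.example",
               "in.telnetd: badhost.example.net: DENY"]
SPECIFIC_FIRST = list(reversed(BROAD_FIRST))
PROBES = ["badhost.example.net", "pc1.untrusted.example", "good.example.org"]

if __name__ == "__main__":
    for rules in (BROAD_FIRST, SPECIFIC_FIRST):
        print({h: evaluate(rules, "in.telnetd", h) for h in PROBES},
              "shadowed:", shadowed_rules(rules, "in.telnetd", PROBES))
```

With the broad rule first, the DENY rule for badhost.example.net is reported as shadowed; with the specific rule first, every rule can decide an outcome.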

