Re: tcpd weirdness
On 29-Sep-97 Mirek Kwasniak wrote:
>
>>From man hosts_access(5):
>
>...
> An extended version of the access control language is
> described in the hosts_options(5) document. The extensions
> are turned on at program build time by building with
> -DPROCESS_OPTIONS.
>...
>
>Mirek
Yes, I read that. I suppose that is my question. Was one version compiled
with that option and another not?
Actually, it is more than that, according to him, hosts_access rules would
fail, they HAD to be in hosts_options format. I do not think that is possible.
I think the option is to recognize options rules or not and that it will ALWAYS
see the regular rules. The key is the order in which they appear in the file.
If you have a
daemon: ALL EXCEPT exceptions
rule and then put:
daemon: exception: DENY
rule in place, it will never be matched because the first rule matches the
world. In other words, anything not in the exceptions is allowed and the search
progresses no furhter and never even looks at a hosts.deny file.
My suspicion is that he constructed his file improperly. Order is VERY
important in these rules and I did not have root access on his system to test
it.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: