*BSD News Article 81170


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!news.mathworks.com!fu-berlin.de!irz401!orion.sax.de!uriah.heep!news
From: j@uriah.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Tcp_wrappers won't work!
Date: 20 Oct 1996 15:34:31 GMT
Organization: Private BSD site, Dresden
Lines: 27
Message-ID: <54dgq7$3gs@uriah.heep.sax.de>
References: <548avr$184@news.ox.ac.uk>
  <01bbbd62$271bd240$32498796@rc6855.rescomp.arizona.edu>
  <549hup$l92@dewey.udel.edu> <54a3h1$o12@news.ox.ac.uk>
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
NNTP-Posting-Host: localhost.heep.sax.de
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: knews 0.9.6
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E

Neil Long <neil.long@materials.oxford.ac.uk> wrote:

> Well, every system I use tcp_wrappers on has the deny/allow in /etc.
> It is common to nfs mount /usr/local on many systems and putting such
> a critical system security file at the mercy of nfs mount attacks is
> not sensible IMHO.

If you are NFS, you will probably make your /usr/local/etc a symlink
to e.g. /etc/local/ anyway (and provide for a shadow symlink in your
/usr partition that is visible until the NFS mount of /usr/local is
complete).

Jerry was right that the default policy for any port is to not touch
the base system, but install everything under /usr/local/ (or under
/usr/X11R6/ for an X11 port).

> The packaged version needs a README or something as the man pages are
> still pointing to /etc.

Submit this to the maintainer of the port.  Most prefered with a fix. :)

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)