Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] tcp wrappers and banners
- From: Roman Drahtmueller <draht@xxxxxxx>
- Date: Wed, 14 Nov 2001 20:48:24 +0100 (MET)
- Message-id: <Pine.LNX.4.33.0111142031470.21092-100000@xxxxxxxxxxxx>
Hello Niki,
>
> Hi All,
> I am trying to figure out the differences with the tcpd package that
> is a security wrapper for TCP daemons and other tcp wrapper packages.
> Normally, I have seen a Banners.Makefile loaded with some packages, for
> example, tcp_wrappers-7.6 installs it as
> /usr/share/doc/tcp_wrappers-7.6/Banners.Makefile. But tcpd does not include
> this file in the rpm package. Yet both packages have the same README file
> which mentions the use of Banners.Makefile. Can I assume the tcpd package
> could utilize a similar Banners.Makefile format as that used in
> tcp_wrappers-7.6? ie. Could I copy the Banners.Makefile from the
> tcp_wrappers package into the tcpd directory?
>
This Makefile has only one purpose: It reformats the banner messages that
you can feed to a declined client to a protocol format that the client can
read. In particular, the ftp protocol needs the string "220-" at the
beginning of each line if the text following this prefix is supposed to be
shown to the user.
Most other protocols do not need this special treatment or their
implementations do not show any input from the network socket at all.
in.rlogind wants to have a (one-byte) NULL character before the text that
explains why the connection has been declined. in.rshd (the
non-interactive equivalent) does not show any input at all.
We guess that secure shell obsoletes rlogind (as well as rshd in most
cases) so that the only win from the Banners.Makefile is the knowledge of
the "220-" feature in the ftp control connection protocol.
Of course, the same Makefile would work. It's just not included because
the usefulness is limited.
> Thanks,
>
> Niki A. Rahimi
> narahimi@xxxxxxxxxx
Thanks,
Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE GmbH - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -
>
> Hi All,
> I am trying to figure out the differences with the tcpd package that
> is a security wrapper for TCP daemons and other tcp wrapper packages.
> Normally, I have seen a Banners.Makefile loaded with some packages, for
> example, tcp_wrappers-7.6 installs it as
> /usr/share/doc/tcp_wrappers-7.6/Banners.Makefile. But tcpd does not include
> this file in the rpm package. Yet both packages have the same README file
> which mentions the use of Banners.Makefile. Can I assume the tcpd package
> could utilize a similar Banners.Makefile format as that used in
> tcp_wrappers-7.6? ie. Could I copy the Banners.Makefile from the
> tcp_wrappers package into the tcpd directory?
>
This Makefile has only one purpose: It reformats the banner messages that
you can feed to a declined client to a protocol format that the client can
read. In particular, the ftp protocol needs the string "220-" at the
beginning of each line if the text following this prefix is supposed to be
shown to the user.
Most other protocols do not need this special treatment or their
implementations do not show any input from the network socket at all.
in.rlogind wants to have a (one-byte) NULL character before the text that
explains why the connection has been declined. in.rshd (the
non-interactive equivalent) does not show any input at all.
We guess that secure shell obsoletes rlogind (as well as rshd in most
cases) so that the only win from the Banners.Makefile is the knowledge of
the "220-" feature in the ftp control connection protocol.
Of course, the same Makefile would work. It's just not included because
the usefulness is limited.
> Thanks,
>
> Niki A. Rahimi
> narahimi@xxxxxxxxxx
Thanks,
Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE GmbH - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -
| < Previous | Next > |