[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
enable-wrappers uses brain dead hosts_ctl (ITS#1975)
Full_Name: Tim Rice
Version: 2.0.25
OS: OpenUNIX & Linux
URL:
Submission from: (NULL) (64.165.223.178)
servers/slapd/daemon.c uses hosts_ctl() which is not smart enough
to figure out valid hosts.allow entries like
slapd: localhost 192.168.99.0/255.255.255.0: ALLOW
causing most users to use slapd: ALL: ALLOW instead.
Not good security wise. From the hosts_acces(3) man page
hosts_ctl() is a wrapper around the request_init() and
hosts_access() routines with a perhaps more convenient
interface (though it does not pass on enough information
to support automated client username lookups).