[Date Prev][Date Next] [Chronological] [Thread] [Top]

enable-wrappers uses brain dead hosts_ctl (ITS#1975)

To: openldap-its@OpenLDAP.org
Subject: enable-wrappers uses brain dead hosts_ctl (ITS#1975)
From: tim@multitalents.net
Date: Mon, 22 Jul 2002 03:51:49 GMT

Full_Name: Tim Rice
Version: 2.0.25
OS: OpenUNIX & Linux
URL: 
Submission from: (NULL) (64.165.223.178)


servers/slapd/daemon.c uses hosts_ctl() which is not smart enough
to figure out valid hosts.allow entries like
	slapd: localhost 192.168.99.0/255.255.255.0: ALLOW
causing most users to use slapd: ALL: ALLOW instead. 
Not good security wise. From the hosts_acces(3) man page
       hosts_ctl()  is  a  wrapper  around the request_init() and
       hosts_access() routines with  a  perhaps  more  convenient
       interface  (though  it does not pass on enough information
       to support automated client username lookups).

Prev by Date: Shell Fork Runaway Bug (ITS#1973)
Next by Date: Re: Shell Fork Runaway Bug (ITS#1973)
Index(es):
- Chronological
- Thread