oss-sec mailing list archives
Re: Re: Some fun with tcp_wrappers
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 15 Apr 2009 16:08:35 +0200
Hi Wietse!

On Wed, 15 Apr 2009 08:07:42 -0400 (EDT) wietse () porcupine org (Wietse Venema) wrote:

> https://bugzilla.redhat.com/show_bug.cgi?id=491095
>
> If some applications mis-use the library API then that is really unfortunate.

The problem is not really limited to the applications that mis-use the API. According to hosts_access(3):

    hosts_ctl() is a wrapper around the request_init() and hosts_access() routines with a perhaps more convenient interface (though it does not pass on enough information to support automated client username lookups). The client host address, client host name and username arguments should contain valid data or STRING_UNKNOWN. hosts_ctl() returns zero if access should be denied.

STRING_UNKNOWN is a valid argument expected to be passed to hosts_ctl. That description does not seem to be clear enough to indicate that when one uses hosts_ctl as:

    hosts_ctl(svcname, STRING_UNKNOWN, client_addr, STRING_UNKNOWN)

all hostname-based rules are ignored. It seems those using hosts_ctl do not always realize that.

> Changing the library to work around application bugs is a BAD idea. It helps only one platform and complicates cross-platform software that does play by the rules.

It's hard to disagree with that. Though we seem to have failed on this some time ago already. The change was done as a bugfix nearly two years ago in Fedora / Red Hat Enterprise Linux 5 (after some discussion whether this is an application or tcp_wrappers bug); we're now only introducing the change to products that are not too relevant for future application development (all released 4+ years ago).

> I would recommend fixing applications that mis-use the library API. To encourage application developers, the library could log a warning and return a DENY result for improper calls such as a zero-length hostname or address argument.

Is STRING_UNKNOWN as hostname a mis-use of the API? Are all applications not wanting to do DNS resolution when not needed expected to switch to request_init / hosts_access instead? Are there any use cases where ignoring hostname-based rules when STRING_UNKNOWN is passed as the hostname argument to hosts_ctl is more desired than tcp_wrappers performing resolution when needed? Denying zero-length hostname/address sounds like a library workaround too, with no obvious benefits for those doing such a change.

-- 
Tomas Hoger / Red Hat Security Response Team
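Since the thread turns on why hosts_ctl(svc, STRING_UNKNOWN, addr, STRING_UNKNOWN) lets hostname-based rules fall through, here is an added example (not code from the thread or from tcp_wrappers itself) that models libwrap's host_match()/string_match() pattern logic in plain C with a constructed client name and address, so the effect can be observed without linking libwrap. The pattern forms, the KNOWN/UNKNOWN/ALL wildcards and the STRING_UNKNOWN value follow hosts_access(5) and tcpd.h; netgroup, mask and PARANOID patterns are left out.

```c
#include <stdio.h>
#include <string.h>
#define STRING_UNKNOWN "unknown"          /* the value libwrap's tcpd.h uses */

/* Model of libwrap's string_match(): one pattern token against one string. */
static int string_match(const char *tok, const char *s)
{
    size_t n = strlen(tok), m = strlen(s);
    if (tok[0] == '.')                    /* ".domain" matches a name suffix */
        return m > n && strcmp(s + m - n, tok) == 0;
    if (strcmp(tok, "ALL") == 0)
        return 1;
    if (strcmp(tok, "KNOWN") == 0)
        return strcmp(s, STRING_UNKNOWN) != 0;
    if (n > 0 && tok[n - 1] == '.')       /* "192.0.2." matches an address prefix */
        return strncmp(tok, s, n) == 0;
    return strcmp(tok, s) == 0;           /* exact host name or address */
}

/* Model of libwrap's host_match(): the pattern is tried against the client
 * address and, unless it looks like an address, against the client name.
 * When the caller passed STRING_UNKNOWN as the name, the name branch can only
 * satisfy the UNKNOWN wildcard; every ".domain" or "host.domain" rule is skipped. */
static int host_match(const char *tok, const char *name, const char *addr)
{
    int name_unknown = strcmp(name, STRING_UNKNOWN) == 0;
    int addr_unknown = strcmp(addr, STRING_UNKNOWN) == 0;
    if (strcmp(tok, "UNKNOWN") == 0)
        return name_unknown || addr_unknown;
    if (strcmp(tok, "KNOWN") == 0)
        return !name_unknown && !addr_unknown;
    if (string_match(tok, addr))
        return 1;
    if (tok[strspn(tok, "0123456789./")] == '\0')   /* numeric: address only */
        return 0;
    return string_match(tok, name);
}

int main(void)
{
    /* constructed sample client; 192.0.2.0/24 is a documentation range */
    const char *name = "scanner.attacker.example", *addr = "192.0.2.10";
    printf("hosts.deny '.attacker.example' with real name:     %d\n",
           host_match(".attacker.example", name, addr));           /* 1: denied */
    printf("hosts.deny '.attacker.example' via STRING_UNKNOWN: %d\n",
           host_match(".attacker.example", STRING_UNKNOWN, addr));  /* 0: rule skipped */
    printf("hosts.deny '192.0.2.' via STRING_UNKNOWN:          %d\n",
           host_match("192.0.2.", STRING_UNKNOWN, addr));           /* 1: address rules still apply */
    return 0;
}
```

The practical check for an administrator is therefore whether a service goes through hosts_ctl with an unknown name; if it does, only address-based entries in hosts.allow/hosts.deny can be relied on for that service.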