Re-install libwrap in OpenSSH
Stephan von Krawczynski
skraw at ithnet.com
Wed May 20 23:58:22 AEST 2015

On Wed, 20 May 2015 14:46:57 +0200
Peter Stuge <peter at stuge.se> wrote:

> Stephan von Krawczynski wrote:
> > it is pretty obvious
>
> I guess you're not only not subscribed to the development list, but
> you seem to also not have looked at the list archives.
>
> You can only seem like a troll if you act as if you know best but
> in fact you are wrong. It's up to you whether you want to risk that
> of course, but it's dangerous for your case.

Are you already preparing for having no arguments?

> > _not_ replaceable by your match-statement.
>
> This rhetoric makes it sound like it is very important for you to
> distance yourself from the OpenSSH developers. That may not be such
> a great strategy when you want someone to do something for you.
>
> The rationale is that firewall rules can replace libwrap and that
> removing libwrap removes a significant attack surface exposed to the
> network.

Show me this as an example of your firewall skills and replace this
hosts.allow entry:

sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected me | /bin/mail -s "hosts.allow entry XYZ" root) & : ALLOW

This is only example code, of course.

> > somebody will fork the project for sure.
>
> Go for it. I think uptake will be limited. I think your best bet will
> be for you to contribute modifications to your preferred distribution.

Negative. Wait and see.

> > you made the wrong decision. Please cc me in case as I am not
> > reading the list.
>
> If you had been reading the list you would already have known
> everything I wrote in this email.
>
>
> //Peter

I saw the wrong outcome of it, and will reverse it.

--
Regards,
Stephan
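
As an added illustration, not part of the original email or of the tcp_wrappers code, the following Python example expands the % sequences used in the hosts.allow entry quoted above as hosts_access(5) documents them, including the replacement of shell-confusing characters in expanded values by underscores. The client values are constructed, the function names are hypothetical, and the exact set of characters left untouched is an assumption.

```python
import re

# The spawn command from the hosts.allow entry in the email (one logical line).
SPAWN = ('(echo -e "%u@%h[%a] on `/bin/date`" to %d connected me | '
         '/bin/mail -s "hosts.allow entry XYZ" root) &')

# Assumption: approximate set of characters the expansion leaves untouched.
# hosts_access(5) only states that characters which may confuse the shell
# are replaced by underscores.
UNSAFE = re.compile(r"[^A-Za-z0-9!@%\-_=+:,./]")


def sanitize(value):
    """Replace every character outside the safe set with an underscore."""
    return UNSAFE.sub("_", value)


def expand(template, client):
    """Expand %a, %h, %u, %d and %% the way hosts_access(5) describes them."""
    table = {
        "a": client["addr"],                        # client address
        "h": client.get("host") or client["addr"],  # host name, else address
        "u": client.get("user") or "unknown",       # client user name
        "d": client["daemon"],                      # daemon process name
    }

    def repl(match):
        key = match.group(1)
        if key == "%":
            return "%"
        if key not in table:
            return match.group(0)       # sequences not modelled here stay as-is
        return sanitize(table[key])     # only expanded values are sanitized

    return re.sub(r"%(.)", repl, template)


# Constructed sample clients (documentation address range, made-up names).
BENIGN = {"addr": "192.0.2.10", "host": "client.example.org",
          "user": "alice", "daemon": "sshd"}
# Constructed client whose reported user name contains shell metacharacters
# and whose host name could not be resolved.
HOSTILE = {"addr": "192.0.2.66", "host": None,
           "user": "$(id)", "daemon": "sshd"}

if __name__ == "__main__":
    for sample in (BENIGN, HOSTILE):
        print(expand(SPAWN, sample))
```

The second sample shows the property the spawn option depends on: values supplied by the remote side reach a shell command line, so they are only safe there because the expansion step neutralizes metacharacters first.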