Bug 143033
Summary: | sendmail no longer appears to be using tcp_wrappers | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Ian Laurie <nixuser> |
Component: | Documentation | Assignee: | Don Domingo <ddomingo> |
Status: | CLOSED WONTFIX | QA Contact: | Content Services Development <ecs-dev-list> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.0 | Keywords: | Documentation |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-10-19 19:11:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ian Laurie
2004-12-15 21:06:58 UTC
On further investigation, I found this in the Red Hat Enterprise Linux 3 Reference Guide, section 16.1: "Because TCP wrappers are a valuable addition to any server administrator's arsenal of security tools, most network services within Red Hat Enterprise Linux are linked against the libwrap.a library. Some such applications include /usr/sbin/sshd, /usr/sbin/sendmail, and /usr/sbin/xinetd." The suggested test: strings -f /usr/sbin/sendmail | grep hosts_access Doesn't find the string. the sendmail binary is linked against tcp_wrappers: ldd /usr/sbin/sendmail.sendmail ... libwrap.so.0 => /usr/lib/libwrap.so.0 ... Please append your hosts.deny file. I have found my problem. The syntax expectations of tcp_wrappers for the address/mask syntax was not as I expected. For example, 192.168.1.235/255.255.255.254 failed to match the host 192.168.1.235 whereas I thought it should match. It seems the address component must have zeros in the part of the address for which the mask part has zeros. So 192.168.1.234/255.255.255.254 would match 192.168.1.235. I thought the address component could be any address inside the range, whereas it seems it must be the *lowest* address in the range. Is this behavior intentional? Perhaps the tcp_wrappers test in the manual should be changed to the one used by Thomas, since that method works and the one in the manual doesn't. In which manual? Manual mentioned in comment #1: "Red Hat Enterprise Linux 3 Reference Guide", section 16.1, in the blue colored "Notes" box. Your test for the presence of tcp_wrappers worked, whereas the one in the manual didn't (at least not for the EL version). rpm -q --whatrequires tcp_wrappers should also be added per a dicussion with twoerner... Also need to investigate the RHEL4-Beta docs as well for this issue. This is weird..... on the same RHEL3 box: server# rpm -q --whatrequires tcp_wrappers no package requires tcp_wrappers server# On my Fedora Core 3 box: zaurak# rpm -q --whatrequires tcp_wrappers netatalk-1.6.4-4 zaurak# Is this solved for you? No it isn't. The error is with the documentation as stated in comment #1. The manual says to use: strings -f <binary_name> | grep hosts_access But that does not work. However this works: ldd <binary_name> | grep libwrap as per your comment #2. BTW the same bug is in RHEL4's reference manual as well. Reassigning to documentation. This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information of the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you. |