Bug 51262

Summary: tcp_wrappers parses control characters
Product: [Retired] Red Hat Linux Reporter: Tom "spot" Callaway <tcallawa>
Component: tcp_wrappersAssignee: Thomas Woerner <twoerner>
Status: CLOSED NOTABUG QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-10-07 13:58:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tom "spot" Callaway 2001-08-08 20:15:11 UTC
Description of Problem:
tcp_wrappers parses control characters.
this means that if a user has the following in /etc/hosts.deny:

ALL: ALL<control character>

it treats it as a deny of the service called ALL<control character>...
which will never exist. this is especially a problem for windows users who
edit config files, which we don't want to condone, but tcp_wrappers should
be smart enough to strip out control characters when parsing
hosts.allow/hosts.deny.

How To Reproduce:
add control characters to an ALL: ALL entry in /etc/hosts.deny
then, try to connect to a service that would be blocked by tcp_wrappers
(sshd, telnetd, sendmail).

Actual Results:

Service access is allowed.

Expected Results:

Service access is denied.

Comment 1 Florian La Roche 2001-08-09 11:16:33 UTC
I don't think that this warrants to change the original source code and
probably maintaining it for this package.

Can you give an example on how a broken new file might get in place with
control characters?
Thanks a lot,

Florian La Roche



Comment 2 Tom "spot" Callaway 2001-08-09 15:11:31 UTC
a broken new file, never (unless we start editing the rpm defaults with
windows... heh) but a broken file on an edited system is a very likely system,
and something thats difficult to debug (we had a support issue on this
yesterday) since control characters don't show up in vim/emacs.

my belief is this: tcp_wrappers will never have a hosts.allow/hosts.deny service
that has control characters in it, so it would be very nice of it to ignore
control characters as it parses. this would make debugging problems with
customers faster, and not require the use of a hex editor.

Comment 3 Thomas Woerner 2004-10-07 13:58:02 UTC
Please verify this with a newer version of Red Hat Enterprise Linux or
Fedora Core and reopen it against the new version if it still occurs.

Closing as "not a bug" for now.