Bug 130768 - xinetd sgi_fam GNOME tcpwrappers incompatibility
Summary: xinetd sgi_fam GNOME tcpwrappers incompatibility
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: xinetd   
(Show other bugs)
Version: 3.0
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Jan Safranek
QA Contact: Brock Organ
Depends On:
TreeView+ depends on / blocked
Reported: 2004-08-24 15:11 UTC by Mark A White
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-19 19:19:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Mark A White 2004-08-24 15:11:31 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1

Description of problem:
This is a problem which was reported for RH7 RH8 and FC1.  It also has
appeared in RHEL WS3.  See buzilla reports 74696, 119918, 113576,
117529, and 108383.

The use of ALL:ALL in hosts.deny sets up an unstable situation which
may break sgi_fam and the GNOME DTMW, preventing X-windows login with
GNOME.  Another symptom is the repeated error message in messages:

xinetd[23194]: FAIL: sgi_fam libwrap from=<no address>
xinetd[4943]: START: sgi_fam pid=23195 from=<no address>

A work around which seems to solve this problem is to add the
following line to /etc/xinetd.d/sgi_fam

       flags           = NOLIBWRAP

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. add ALL:ALL to /etc/hosts deny
2. Login using the GNOME DTWM
3. Get Bluescreen, sgi_fam libwrappers error messages in /var/log/messages

Additional info:

This bug could cause many users to give up on using tcpwrappers to
secure their machines.  It has been fixed several times in the past,
but seems to have resurfaced.  The sgi_fam configuration fix seems to
be the easiest to implement, and least likely to be accidently removed
in the future.  While the xinetd patch from RH7/8 has been lost again!

Comment 1 Steve Grubb 2004-09-24 17:03:39 UTC
As the upstream xinetd co-maintainer, I agree with the flags =
NOLIBWRAP. This has always been the suggested way to handle rpc or
tcp-wait configurations.

Xinetd losing the patch is OK. This in my opinion is a bug with the
sgi_fam package. Even if xinetd gets the patch back in, having the
flags option corrected would help if the patch was reverted again.

Comment 2 RHEL Product and Program Management 2007-10-19 19:19:42 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.