Description of Problem:
tcp_wrappers parses control characters.
this means that if a user has the following in /etc/hosts.deny:
ALL: ALL<control character>
it treats it as a deny of the service called ALL<control character>...
which will never exist. this is especially a problem for windows users who
edit config files, which we don't want to condone, but tcp_wrappers should
be smart enough to strip out control characters when parsing
How To Reproduce:
add control characters to an ALL: ALL entry in /etc/hosts.deny
then, try to connect to a service that would be blocked by tcp_wrappers
(sshd, telnetd, sendmail).
Service access is allowed.
Service access is denied.
I don't think that this warrants to change the original source code and
probably maintaining it for this package.
Can you give an example on how a broken new file might get in place with
Thanks a lot,
Florian La Roche
a broken new file, never (unless we start editing the rpm defaults with
windows... heh) but a broken file on an edited system is a very likely system,
and something thats difficult to debug (we had a support issue on this
yesterday) since control characters don't show up in vim/emacs.
my belief is this: tcp_wrappers will never have a hosts.allow/hosts.deny service
that has control characters in it, so it would be very nice of it to ignore
control characters as it parses. this would make debugging problems with
customers faster, and not require the use of a hex editor.
Please verify this with a newer version of Red Hat Enterprise Linux or
Fedora Core and reopen it against the new version if it still occurs.
Closing as "not a bug" for now.