Bug 51262 - tcp_wrappers parses control characters
Summary: tcp_wrappers parses control characters
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tcp_wrappers   
(Show other bugs)
Version: 7.3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: David Lawrence
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2001-08-08 20:15 UTC by Tom "spot" Callaway
Modified: 2007-04-18 16:35 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-10-07 13:58:02 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Tom "spot" Callaway 2001-08-08 20:15:11 UTC
Description of Problem:
tcp_wrappers parses control characters.
this means that if a user has the following in /etc/hosts.deny:

ALL: ALL<control character>

it treats it as a deny of the service called ALL<control character>...
which will never exist. this is especially a problem for windows users who
edit config files, which we don't want to condone, but tcp_wrappers should
be smart enough to strip out control characters when parsing

How To Reproduce:
add control characters to an ALL: ALL entry in /etc/hosts.deny
then, try to connect to a service that would be blocked by tcp_wrappers
(sshd, telnetd, sendmail).

Actual Results:

Service access is allowed.

Expected Results:

Service access is denied.

Comment 1 Florian La Roche 2001-08-09 11:16:33 UTC
I don't think that this warrants to change the original source code and
probably maintaining it for this package.

Can you give an example on how a broken new file might get in place with
control characters?
Thanks a lot,

Florian La Roche

Comment 2 Tom "spot" Callaway 2001-08-09 15:11:31 UTC
a broken new file, never (unless we start editing the rpm defaults with
windows... heh) but a broken file on an edited system is a very likely system,
and something thats difficult to debug (we had a support issue on this
yesterday) since control characters don't show up in vim/emacs.

my belief is this: tcp_wrappers will never have a hosts.allow/hosts.deny service
that has control characters in it, so it would be very nice of it to ignore
control characters as it parses. this would make debugging problems with
customers faster, and not require the use of a hex editor.

Comment 3 Thomas Woerner 2004-10-07 13:58:02 UTC
Please verify this with a newer version of Red Hat Enterprise Linux or
Fedora Core and reopen it against the new version if it still occurs.

Closing as "not a bug" for now.

Note You need to log in before you can comment on or make changes to this bug.