Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 51262 - tcp_wrappers parses control characters
tcp_wrappers parses control characters
Product: Red Hat Linux
Classification: Retired
Component: tcp_wrappers (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
David Lawrence
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2001-08-08 16:15 EDT by Tom "spot" Callaway
Modified: 2007-04-18 12:35 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-10-07 09:58:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tom "spot" Callaway 2001-08-08 16:15:11 EDT
Description of Problem:
tcp_wrappers parses control characters.
this means that if a user has the following in /etc/hosts.deny:

ALL: ALL<control character>

it treats it as a deny of the service called ALL<control character>...
which will never exist. this is especially a problem for windows users who
edit config files, which we don't want to condone, but tcp_wrappers should
be smart enough to strip out control characters when parsing

How To Reproduce:
add control characters to an ALL: ALL entry in /etc/hosts.deny
then, try to connect to a service that would be blocked by tcp_wrappers
(sshd, telnetd, sendmail).

Actual Results:

Service access is allowed.

Expected Results:

Service access is denied.
Comment 1 Florian La Roche 2001-08-09 07:16:33 EDT
I don't think that this warrants to change the original source code and
probably maintaining it for this package.

Can you give an example on how a broken new file might get in place with
control characters?
Thanks a lot,

Florian La Roche

Comment 2 Tom "spot" Callaway 2001-08-09 11:11:31 EDT
a broken new file, never (unless we start editing the rpm defaults with
windows... heh) but a broken file on an edited system is a very likely system,
and something thats difficult to debug (we had a support issue on this
yesterday) since control characters don't show up in vim/emacs.

my belief is this: tcp_wrappers will never have a hosts.allow/hosts.deny service
that has control characters in it, so it would be very nice of it to ignore
control characters as it parses. this would make debugging problems with
customers faster, and not require the use of a hex editor.
Comment 3 Thomas Woerner 2004-10-07 09:58:02 EDT
Please verify this with a newer version of Red Hat Enterprise Linux or
Fedora Core and reopen it against the new version if it still occurs.

Closing as "not a bug" for now.

Note You need to log in before you can comment on or make changes to this bug.