Red Hat Bugzilla – Bug 51262
tcp_wrappers parses control characters
Last modified: 2007-04-18 12:35:38 EDT
Description of Problem: tcp_wrappers parses control characters. this means that if a user has the following in /etc/hosts.deny: ALL: ALL<control character> it treats it as a deny of the service called ALL<control character>... which will never exist. this is especially a problem for windows users who edit config files, which we don't want to condone, but tcp_wrappers should be smart enough to strip out control characters when parsing hosts.allow/hosts.deny. How To Reproduce: add control characters to an ALL: ALL entry in /etc/hosts.deny then, try to connect to a service that would be blocked by tcp_wrappers (sshd, telnetd, sendmail). Actual Results: Service access is allowed. Expected Results: Service access is denied.
I don't think that this warrants to change the original source code and probably maintaining it for this package. Can you give an example on how a broken new file might get in place with control characters? Thanks a lot, Florian La Roche
a broken new file, never (unless we start editing the rpm defaults with windows... heh) but a broken file on an edited system is a very likely system, and something thats difficult to debug (we had a support issue on this yesterday) since control characters don't show up in vim/emacs. my belief is this: tcp_wrappers will never have a hosts.allow/hosts.deny service that has control characters in it, so it would be very nice of it to ignore control characters as it parses. this would make debugging problems with customers faster, and not require the use of a hex editor.
Please verify this with a newer version of Red Hat Enterprise Linux or Fedora Core and reopen it against the new version if it still occurs. Closing as "not a bug" for now.