Subject: bin/30479: named should use libwrap/hosts_access
List: netbsd-bugs
Date: 06/09/2005 09:53:00
>Number:         30479
>Category:       bin
>Synopsis:       named does not use the available libwrap/hosts_access functions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 09 09:53:00 +0000 2005
>Originator:     Paul Shupak
>Release:        NetBSD 3.99.5
System: NetBSD cobalt 3.99.5 NetBSD 3.99.5 (COBALT-$Revision: 1.4 $) #7: Mon Jun 6 00:13:30 PDT 2005 root@svcs:/sys/arch/i386/compile/COBALT i386
Architecture: i386
Machine: i386
	Note that named does not use libwrap/hosts_access - which would/could
	be very useful in blocking exploitation attempts.
	% ldd `which named`
	-lpthread.0 => /usr/lib/
	-lc.12 => /usr/lib/

	Primarily, the "twist" extension and {RBL} construct are more
	flexible than the built-in access control (and allow a meaningful
	return message instead of just a refusal to perform the requested
	Examine the Makefiles and/or the description above
	Yes, please.
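
Added example, not part of the original report: a hosts.allow sketch of the kind of policy the request above would make possible, using the "twist" option and the {RBL} pattern it mentions. It assumes named were built to call hosts_access() under the daemon name "named" (the report says it is not); dnsbl.example.org and the 192.0.2.0 network are placeholders.

```conf
# /etc/hosts.allow  (constructed example; the first matching rule wins)
# Assumption: named consults hosts_access() as daemon "named".
# dnsbl.example.org is a placeholder DNSBL zone, not a real list.

# Clients listed in the DNSBL get an explanatory message instead of a
# bare refusal. twist replaces the server process with the command, with
# stdin/stdout connected to the client, so it suits stream (TCP) connections.
# %a expands to the client address.
named : {RBL}.dnsbl.example.org : twist /bin/echo "refused: %a is listed in dnsbl.example.org"

# Clients on the local network are served.
named : 192.0.2.0/255.255.255.0 : allow

# Everything else is refused.
named : ALL : deny
```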