Subject: Re: "tcpdchk" doesn't know that "sshd" uses tcp wrappers
To: Jun-ichiro itojun Hagino <itojun@iijlab.net>
From: Frederick Bruckman <fredb@immanent.net>
List: tech-userlevel
Date: 07/01/2001 07:35:36
On Sun, 1 Jul 2001, Jun-ichiro itojun Hagino wrote:

> 	hmmmm... it seems that the current methodology (maintain static
> 	database in tcpdchk) does not scale well.  i guess it's better to
> 	- have /etc/foo.conf, which is a list of apps with embedded libwrap
> 	  support,
> 	- let tcpdchk use /etc/foo.conf,
> 	- and ship netbsd with default /etc/foo.conf, which has a list of all
> 	  apps with libwrap support in the base tree

I thought of that, but it seems kind of silly. If I get a new program
that supports tcp wrappers, and add it to /etc/hosts.{allow,deny}, I
have to add it to /etc/foo.conf, just so "tcpdchk" won't warn? In that
case, who'll ever care what "tcpdchk" thinks?

> 	i'm not too sure about this since:
> 	- too much gratuitous difference with other libwrap implementations
> 	- why do we have to do this much in tcpdchk?  it may be okay to ignore
> 	  these warnings altogether

Yes, I think so. I started on this after "tcpdchk" convinced me to
take "sshd: ALL" out of /etc/hosts.allow, which turned out to be
rather inconvenient (with deny by default). No warning, no problem.

I only turned to "tcpdchk" because I wasn't sure I was doing it right
at all. What would be better, I think, would be some practical
examples in /usr/share/examples.


Frederick
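As an added illustration of the check being discussed (this is example code written for this page, not the thread's own code nor NetBSD's tcpdchk), a small Python script that parses hosts.allow/hosts.deny rules and reports daemon names that are not known to be wrapped. The inetd-derived set is tcpdchk's usual knowledge; the second set stands in for the hypothetical /etc/foo.conf of programs with libwrap linked in, and the sample files are constructed.

```python
"""Miniature tcpdchk-style check: flag access-control rules whose daemon
is not known to be protected by tcp wrappers."""

# Constructed /etc/hosts.allow: deny-by-default setup in which sshd, which
# links libwrap directly rather than running under tcpd, is allowed from all.
HOSTS_ALLOW = """\
# hosts.allow -- only the listed services are reachable
sshd: ALL
ftpd: 192.168.1.0/255.255.255.0, \\
      10.0.0.0/255.0.0.0
ALL: LOCAL
"""

# Constructed /etc/hosts.deny: everything else is refused.
HOSTS_DENY = "ALL: ALL\n"

# Daemons that a constructed inetd.conf starts via tcpd.
INETD_WRAPPED = {"ftpd", "telnetd"}

# The "/etc/foo.conf" idea from the thread: programs with built-in libwrap
# support.  The file name and its contents here are hypothetical.
LIBWRAP_BUILTIN = {"sshd"}


def parse_access_file(text):
    """Return (daemon, client) pairs from hosts.allow/hosts.deny syntax.

    A rule is 'daemon_list : client_list [: options]'; list items are
    separated by commas or blanks, '#' begins a comment and a trailing
    backslash continues the rule on the next line."""
    logical = text.replace("\\\n", " ")          # join continuation lines
    rules = []
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError("malformed rule: %r" % line)
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.extend((d, c) for d in daemons for c in clients)
    return rules


def unknown_daemons(text, known):
    """Daemon names tcpdchk would warn about: anything not in `known`,
    ignoring the ALL wildcard."""
    return sorted({d for d, _ in parse_access_file(text)
                   if d != "ALL" and d not in known})
```

With only the inetd list, the sshd rule is reported as unknown even though it is in effect; adding the libwrap list silences the warning, which is the whole point of the thread.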