"K. Schreiner" <ks%ub.uni-mainz.de@localhost> writes: > while chasing problems w/ access to ssh I've found that tcp_wrappers > are compiled without STYLE=-DPROCESS_OPTIONS, so only the basic syntax > in hosts.allow was recognized. > > Is there a special reason for not compiling tcp_wrappers by default > with STYLE=-DPROCESS_OPTIONS? This is usually a little complicatd. In theory, if someone had thought about it, and decided not to add that, there would be a comment. But in practice, there probably wouldn't be :-(. Typically, we try to build things following the upstream build instructions, unless that involves some big dependency that can be avoided by disabling something people don't need. Wow, a home page on ftp. And, a distfile from 2004. So this is unmaintained. The README does not mention PROCESS_OPTIONS. Reading the man page, PROCESS_OPTIONS enables running proceses, which seems perhaps unsafe given that this program is unmaintained. However, the copy of tcp_wrappers in the NetBSD base system has been defined with PROCESS_OPTIONS since 1997, so that is good precedent. I don't follow STYLE=-DPROCESS_OPTIONS vs CPPFLAGS+=-DPROCESS_OPTIONS but that isn't the hard part.
Attachment:
signature.asc
Description: PGP signature