On Sun, 11.01.15 21:29, Tomasz Torcz (to...@pipebreaker.pl) wrote:

> On Sat, Jan 10, 2015 at 12:16:38AM +0200, Pasi Kärkkäinen wrote:
> > Hello,
> > 
> > I recently noticed Debian/Ubuntu has had support for "aclexec" in 
> > tcp_wrappers via a custom patch since 2006,
> > so you can do this in /etc/hosts.allow or hosts.deny:
> > 
> > 
> > What do people feel about that? I'd like to see support for aclexec 
> > included in Fedora's tcp_wrappers package.
> 
>    Enhancing tcpwrappers isn't generally a way we are going:
> https://lists.fedoraproject.org/pipermail/devel/2014-March/196913.html
> 
>   Above discussions is only about proposal, no change was made.  But I highly 
> doubt
> any serious work on tcpwrappers will happen.

Well, we *did* drop tcpwrap support from systemd. It's not just OpenSSH
that is dropping it...

tcpwrap should really be removed. Having such crap, unmaintained code
responsible for security checks is completely backwards.

Lennart

-- 
Lennart Poettering, Red Hat
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Reply via email to