home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1993
/
Internet Info CD-ROM (Walnut Creek) (1993).iso
/
security
/
log_tcp_5.0-to-5.1
< prev
next >
Wrap
Internet Message Format
|
1993-03-25
|
7KB
From comp.sources.misc Thu Mar 25 10:43:44 1993
Newsgroups: comp.sources.misc
Path: svin09.info.win.tue.nl!ruuinf!sun4nl!mcsun!uunet!sparky!kent
From: wietse@wzv.win.tue.nl (Wietse Venema)
Subject: v36i068: log_tcp - TCP/IP daemon wrapper, v5.0, Patch01
Message-ID: <1993Mar25.045752.4819@sparky.imd.sterling.com>
Followup-To: comp.sources.d
X-Md4-Signature: 4dfd3a313cbdaeb28f014f5f40d570c0
Keywords: log_tcp, tcpd, tcp wrapper, frontd
Sender: kent@sparky.imd.sterling.com (Kent Landfield)
Organization: Eindhoven University of Technology, The Netherlands
References: <csm-v36i004=log_tcp.221238@sparky.IMD.Sterling.COM>
Date: Thu, 25 Mar 1993 04:57:52 GMT
Approved: kent@sparky.imd.sterling.com
Lines: 173
Submitted-by: wietse@wzv.win.tue.nl (Wietse Venema)
Posting-number: Volume 36, Issue 68
Archive-name: log_tcp/patch01
Environment: UNIX
Patch-To: log_tcp: Volume 36, Issue 4-6
A bug in the SunOS 4.x implementation of the getsockopt() system call
can cause occasional kernal panics (BAD TRAP, Data fault). This happens
only when the protection against source-routing attacks is enabled. The
workaround is to disable this protection by default.
Wietse
*** ./patchlevel.h- Sun Mar 7 22:48:02 1993
--- ./patchlevel.h Wed Mar 24 22:42:54 1993
***************
*** 1,3 ****
#ifndef lint
! static char patchlevel[] = "@(#) patchlevel 5.0";
#endif
--- 1,3 ----
#ifndef lint
! static char patchlevel[] = "@(#) patchlevel 5.1";
#endif
*** ./BLURB- Sun Mar 7 22:47:51 1993
--- ./BLURB Wed Mar 24 22:42:40 1993
***************
*** 1,4 ****
! @(#) BLURB 1.7 93/03/07 22:47:49
With the programs that come with this kit you can monitor incoming
requests for IP services such as TFTP, EXEC, FTP, RSH, TELNET, RLOGIN,
--- 1,4 ----
! @(#) BLURB 1.8 93/03/24 22:42:37
With the programs that come with this kit you can monitor incoming
requests for IP services such as TFTP, EXEC, FTP, RSH, TELNET, RLOGIN,
***************
*** 16,22 ****
The most notable differences with respect to the previous release are:
! - Additional protection against attacks from hosts that pretend to
have someone elses network address. For example, the address of a
trusted host within your own network.
--- 16,22 ----
The most notable differences with respect to the previous release are:
! - Optional protection against attacks from hosts that pretend to
have someone elses network address. For example, the address of a
trusted host within your own network.
***************
*** 38,45 ****
- Still more documentation. The README file now provides tutorial
sections with introductions to client, server, inetd and syslogd.
! With the exception of source routed connections, the default mode of
! operation should be backwards compatible with earlier versions.
Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
--- 38,45 ----
- Still more documentation. The README file now provides tutorial
sections with introductions to client, server, inetd and syslogd.
! The default mode of operation should be backwards compatible with
! earlier versions.
Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
*** ./README- Sun Mar 7 22:47:27 1993
--- ./README Wed Mar 24 22:42:51 1993
***************
*** 1,4 ****
! @(#) README 1.9 93/03/07 22:47:24
Table of contents
--- 1,4 ----
! @(#) README 1.10 93/03/24 22:42:46
Table of contents
***************
*** 281,287 ****
will be disabled for all TCP connections that are handled by the
wrapper programs.
! The feature is enabled by default. It can be turned off by editing the
Makefile. The configuration and installation section below describes
the Makefile editing process.
--- 281,292 ----
will be disabled for all TCP connections that are handled by the
wrapper programs.
! All this cannot be used with SunOS 4.x because of a kernel bug in the
! implementation of the getsockopt() system call. Kernel panics have been
! reported for SunOS 4.1.1 and SunOS 4.1.2. The symptoms are "BAD TRAP"
! and "Data fault" while executing the tcp_ctloutput() kernel function.
!
! The feature is disabled by default. It can be turned on by editing the
Makefile. The configuration and installation section below describes
the Makefile editing process.
*** ./Makefile.dist- Sun Mar 7 22:47:46 1993
--- ./Makefile.dist Wed Mar 24 22:42:44 1993
***************
*** 1,4 ****
! # @(#) Makefile.dist 1.1 93/03/07 22:47:45
#
# If you did not already do so, copy the file Makefile.dist to Makefile
# and edit the copy, not the original. Have a copy of the README file at
--- 1,4 ----
! # @(#) Makefile.dist 1.2 93/03/24 22:42:41
#
# If you did not already do so, copy the file Makefile.dist to Makefile
# and edit the copy, not the original. Have a copy of the README file at
***************
*** 272,281 ****
PARANOID= -DPARANOID
! ##############################################
! # Turning off host ADDRESS checking (Optional)
#
! # By default, the software tries to protect against hosts that pretend to
# have someone elses host address. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin,
# because the network address is used to look up the remote host name.
--- 272,281 ----
PARANOID= -DPARANOID
! #############################################
! # Turning on host ADDRESS checking (Optional)
#
! # Optionally, the software tries to protect against hosts that pretend to
# have someone elses host address. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin,
# because the network address is used to look up the remote host name.
***************
*** 286,295 ****
# My site has been running rlogind and rshd daemons that implement this
# feature for more than 2 years, and without any ill effects.
#
! # Comment out the following definition if you do not need the additional
! # protection.
!
! KILL_OPT= -DKILL_IP_OPTIONS
## End configuration options
############################
--- 286,299 ----
# My site has been running rlogind and rshd daemons that implement this
# feature for more than 2 years, and without any ill effects.
#
! # This feature cannot be used with SunOS 4.x because of a kernel bug in
! # the implementation of the getsockopt() system call. Kernel panics have
! # been reported for SunOS 4.1.1 and SunOS 4.1.2. Symptoms are "BAD TRAP"
! # and "Data fault" while executing the tcp_ctloutput() kernel function.
! #
! # Uncomment the following macro definition if your getsockopt() is OK.
! #
! # KILL_OPT= -DKILL_IP_OPTIONS
## End configuration options
############################
exit 0 # Just in case...