Subject: bin/30479: named should use libwrap/hosts_access
To: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
From: paul@Plectere.com
List: netbsd-bugs
Date: 06/09/2005 09:53:00
>Number:         30479
>Category:       bin
>Synopsis:       named does not use the available libwrap/hosts_access functions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 09 09:53:00 +0000 2005
>Originator:     Paul Shupak
>Release:        NetBSD 3.99.5
>Organization:
	
>Environment:
	
	
System: NetBSD cobalt 3.99.5 NetBSD 3.99.5 (COBALT-$Revision: 1.4 $) #7: Mon Jun 6 00:13:30 PDT 2005 root@svcs:/sys/arch/i386/compile/COBALT i386
Architecture: i386
Machine: i386
>Description:
	Note that named does not use libwrap/hosts_access - which would/could
	be very useful in blocking exploitation attempts.
	% ldd `which named`
/usr/sbin/named:
	-lpthread.0 => /usr/lib/libpthread.so.0
	-lc.12 => /usr/lib/libc.so.12

	Primarily, the "twist" extension and {RBL} construct are more
	flexible than the built-in access control (and allow a meaningful
	return message instead of just a refusal to perform the requested
	query).
	
>How-To-Repeat:
	Examine the Makefiles and/or the description above.
>Fix:
	Yes, please.

>Unformatted: