Subject: Re: hosts.deny has no effect for ntalkd
To: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
From: Greg A. Woods <woods@weird.com>
List: tech-net
Date: 11/01/2002 16:44:57
[ On Friday, November 1, 2002 at 19:54:18 (+0100), Pavel Cahyna wrote: ]
> Subject: hosts.deny has no effect for ntalkd
>
> I'm running NetBSD 1.5.3. When I have ntalkd enabled in /etc/inetd.conf,
> the line ALL: ALL in hosts.deny and no hosts.allow, I discovered that I can
> connect to talkd from another machine. Ftp doesn't work, as expected, but
> talk does and inetd does not even log the connection, even if it's
> invoked with the -l option. (I know the code is called "tcpwrappers" not
> "udpwrappers" but the original tcpd man page (available e.g. on Linux
> systems) states it works for udp.)
>
> Does anybody please know if it is a bug?

Well, not so much a bug as just an "incomplete" feature....
Indeed the problem is because ntalk is a UDP service.
The integrated TCP Wrappers support in inetd is only for TCP services
(and only for "external" TCP services too unless you recompile inetd
with -DLIBWRAP_INTERNAL). UDP services are not protected (or logged
with '-l'). "wait" services aren't even wrapped as far as I can tell.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
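
The coverage rules stated in the reply above can be turned into a quick audit of /etc/inetd.conf. The following is an added example, not part of the original message and not inetd's own code; the function names and the sample configuration are constructed, and the rules (TCP only, external servers only unless built with -DLIBWRAP_INTERNAL, "nowait" only) are taken as stated in the reply, including the tentative one about "wait" services.

```python
# Added example: classify inetd.conf entries by whether inetd's built-in
# libwrap check (hosts.allow / hosts.deny) applies to them.
# Assumption: the coverage rules are exactly those described in the reply above.

SAMPLE_INETD_CONF = """\
# constructed sample, not taken from a real host
ftp      stream tcp  nowait root       /usr/libexec/ftpd    ftpd -ll
ntalk    dgram  udp  wait   nobody:tty /usr/libexec/ntalkd  ntalkd
daytime  stream tcp  nowait nobody     internal
tftp     dgram  udp  wait   root       /usr/libexec/tftpd   tftpd -l -s /tftpboot
#finger  stream tcp  nowait nobody     /usr/libexec/fingerd fingerd
"""

def unwrapped_reasons(fields, libwrap_internal=False):
    """Return the reasons hosts.allow/hosts.deny will not apply to an entry."""
    _service, _socktype, proto, wait, _user, server = fields[:6]
    reasons = []
    # Assumption: "rpc/tcp"-style entries are judged by their transport part.
    if not proto.lower().split("/")[-1].startswith("tcp"):
        reasons.append("protocol is %s, not tcp" % proto)
    # The wait field may carry a rate limit suffix such as "nowait.400".
    if wait.split(".")[0].split(":")[0] != "nowait":
        reasons.append('"wait" service')
    if server == "internal" and not libwrap_internal:
        reasons.append("internal service, inetd built without -DLIBWRAP_INTERNAL")
    return reasons

def audit(conf_text, libwrap_internal=False):
    """Map service name -> list of reasons; an empty list means wrapped."""
    report = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out service
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        report[fields[0]] = unwrapped_reasons(fields, libwrap_internal)
    return report

if __name__ == "__main__":
    for service, reasons in audit(SAMPLE_INETD_CONF).items():
        status = "NOT wrapped: " + "; ".join(reasons) if reasons else "wrapped"
        print("%-8s %s" % (service, status))
```

Any service reported as not wrapped needs its access control enforced elsewhere, for example in a packet filter, since an ALL: ALL line in hosts.deny will not stop it.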