SOURCES: tcp_wrappers-safe_finger.patch (NEW), tcp_wrappers-docs.p...

baggins baggins at pld-linux.org
Sat Jul 7 02:56:25 CEST 2007 

Author: baggins                      Date: Sat Jul  7 00:56:25 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- split from tcp_wrappers-fix.patch

---- Files affected:
SOURCES:
   tcp_wrappers-safe_finger.patch (NONE -> 1.1)  (NEW), tcp_wrappers-docs.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/tcp_wrappers-safe_finger.patch
diff -u /dev/null SOURCES/tcp_wrappers-safe_finger.patch:1.1
--- /dev/null	Sat Jul  7 02:56:25 2007
+++ SOURCES/tcp_wrappers-safe_finger.patch	Sat Jul  7 02:56:20 2007
@@ -0,0 +1,20 @@
+diff -urN tcp_wrappers_7.6.orig/safe_finger.c tcp_wrappers_7.6/safe_finger.c
+--- tcp_wrappers_7.6.orig/safe_finger.c	Mon Dec 13 13:58:15 1999
++++ tcp_wrappers_7.6/safe_finger.c	Mon Dec 13 14:15:09 1999
+@@ -31,14 +31,14 @@
+ 
+ /* Local stuff */
+ 
+-char    path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
++char    path[] = "PATH=/bin:/usr/bin:/sbin:/usr/sbin";
+ 
+ #define	TIME_LIMIT	60		/* Do not keep listinging forever */
+ #define	INPUT_LENGTH	100000		/* Do not keep listinging forever */
+ #define	LINE_LENGTH	128		/* Editors can choke on long lines */
+ #define	FINGER_PROGRAM	"finger"	/* Most, if not all, UNIX systems */
+ #define	UNPRIV_NAME	"nobody"	/* Preferred privilege level */
+-#define	UNPRIV_UGID	32767		/* Default uid and gid */
++#define	UNPRIV_UGID	99		/* Default uid and gid */
+ 
+ int     finger_pid;
+ 

================================================================
Index: SOURCES/tcp_wrappers-docs.patch
diff -u /dev/null SOURCES/tcp_wrappers-docs.patch:1.1
--- /dev/null	Sat Jul  7 02:56:25 2007
+++ SOURCES/tcp_wrappers-docs.patch	Sat Jul  7 02:56:20 2007
@@ -0,0 +1,56 @@
+diff -urN tcp_wrappers_7.6.orig/README tcp_wrappers_7.6/README
+--- tcp_wrappers_7.6.orig/README	Mon Dec 13 13:58:15 1999
++++ tcp_wrappers_7.6/README	Mon Dec 13 14:09:31 1999
+@@ -169,7 +169,7 @@
+ 2) The advanced way: leave the network daemons alone and modify the
+    inetd configuration file.  For example, an entry such as:
+ 
+-     tftp  dgram  udp  wait  root  /usr/etc/tcpd  in.tftpd -s /tftpboot
++     tftp  dgram  udp  wait  root  /usr/sbin/tcpd  in.tftpd -s /tftpboot
+ 
+    When a tftp request arrives, inetd will run the wrapper program
+    (tcpd) with a process name `in.tftpd'.  This is the name that the
+@@ -821,12 +821,12 @@
+ Then perform the following edits on the inetd configuration file
+ (usually /etc/inetd.conf or /etc/inet/inetd.conf):
+ 
+-    finger  stream  tcp     nowait  nobody  /usr/etc/in.fingerd     in.fingerd
+-                                            ^^^^^^^^^^^^^^^^^^^
++    finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd     in.fingerd
++                                            ^^^^^^^^^^^^^^^^^^^^
+ becomes:
+ 
+-    finger  stream  tcp     nowait  nobody  /usr/etc/tcpd           in.fingerd
+-                                            ^^^^^^^^^^^^^
++    finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd           in.fingerd
++                                            ^^^^^^^^^^^^^^
+ Send a `kill -HUP' to the inetd process to make the change effective.
+ Some IRIX inetd implementations require that you first disable the
+ finger service (comment out the finger service and `kill -HUP' the
+@@ -873,7 +873,7 @@
+ Instead you can specify, in the inetd configuration file, an absolute
+ path name for the daemon process name.  For example,
+ 
+-    ntalk   dgram   udp     wait    root    /usr/etc/tcpd /usr/local/lib/ntalkd
++    ntalk   dgram   udp     wait    root    /usr/sbin/tcpd /usr/sbin/in.ntalkd
+ 
+ When the daemon process name is an absolute path name, tcpd ignores the
+ value of the REAL_DAEMON_DIR constant, and uses the last path component
+@@ -940,7 +940,7 @@
+ you can look up the name from the inetd configuration file. Coming back
+ to the tftp example in the tutorial section above:
+ 
+-    tftp  dgram  udp  wait  root  /usr/etc/tcpd  in.tftpd -s /tftpboot
++    tftp  dgram  udp  wait  root  /usr/sbin/tcpd  in.tftpd -s /tftpboot
+ 
+ This entry causes the inetd to run the wrapper program (tcpd) with a
+ process name `in.tftpd'.  This is the name that the wrapper will use
+@@ -976,7 +976,7 @@
+ listener, but it should be registered in the inetd configuration file.
+ For example:
+ 
+-    smtp    stream  tcp     nowait  root    /usr/etc/tcpd /usr/lib/sendmail -bs
++    smtp    stream  tcp     nowait  root    /usr/sbin/tcpd /usr/lib/sendmail -bs
+ 
+ You will still need to run one sendmail background process to handle
+ queued-up outgoing mail. A command like:
================================================================

More information about the pld-cvs-commit mailing list