diff options
| author | Jason Downs <downsj@cvs.openbsd.org> | 1997-06-01 05:21:41 +0000 |
|---|---|---|
| committer | Jason Downs <downsj@cvs.openbsd.org> | 1997-06-01 05:21:41 +0000 |
| commit | 98ff0b975966dd364e0ac65ea69a47428f4cb30d (patch) | |
| tree | 27810eb702e2c2af8dab86b33ef4cb3d1f939f19 /libexec/tcpd/BLURB | |
| parent | 35e2674058795ade9d8ca6058f815dfd7d1ee384 (diff) | |
A few changed from tcp_wrappers 7.6
Diffstat (limited to 'libexec/tcpd/BLURB')
| -rw-r--r-- | libexec/tcpd/BLURB | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/libexec/tcpd/BLURB b/libexec/tcpd/BLURB index cc95cf74285..8d82fa7826f 100644 --- a/libexec/tcpd/BLURB +++ b/libexec/tcpd/BLURB @@ -1,5 +1,5 @@ -$OpenBSD: BLURB,v 1.1 1997/02/26 06:00:30 downsj Exp $ -@(#) BLURB 1.27 97/02/12 02:13:17 +$OpenBSD: BLURB,v 1.2 1997/06/01 05:21:39 downsj Exp $ +@(#) BLURB 1.28 97/03/21 19:27:18 With this package you can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other @@ -12,20 +12,18 @@ requested service; the wrappers do not exchange information with the client or server applications, and impose no overhead on the actual conversation between the client and server applications. -This patch upgrades the tcp wrappers version 7.4 source code to version -7.5. Highlights of this release: - - - Support for more UNIX system types. - - - Improved protection against IP spoofing attacks with source-routed - TCP connections, by refusing them. This protection is not enabled by - default. +This patch upgrades the tcp wrappers version 7.5 source code to +version 7.6. The source-routing protection in version 7.5 was not +as strong as it could be. And all this effort was not needed with +modern UNIX systems that can already stop source-routed traffic in +the kernel. Examples are 4.4BSD derivatives, Solaris 2.x, and Linux. This release does not introduce new features. Do not bother applying -this patch when you built your current tcp wrapper without enabling the -KILL_OPTIONS compiler switch. The patch is not useful for obsolete UNIX -versions that pre-date 4.4BSD, such as SunOS 4. Such systems are unable -to receive source-routed connections and are therefore not vulnerable +this patch when you built your version 7.x tcp wrapper without +enabling the KILL_IP_OPTIONS compiler switch; when you can disable +IP source routing options in the kernel; when you run a UNIX version +that pre-dates 4.4BSD, such as SunOS 4. Such systems are unable to +receive source-routed connections and are therefore not vulnerable to IP spoofing attacks with source-routed TCP connections. A complete change log is given in the CHANGES document. As always, |