* HEADSUP: OpenSSH 6.7 drops tcpwrapper support
@ 2014-08-18 11:53 Corinna Vinschen
2014-08-19 18:23 ` D. Boland
2014-08-19 19:05 ` Andrey Repin
0 siblings, 2 replies; 4+ messages in thread
From: Corinna Vinschen @ 2014-08-18 11:53 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 840 bytes --]
Hi folks,
Just a HEADSUP to all of you actively using the tcp_wrappers/libwrap
functionality in sshd:
Starting with the next OpenSSH version 6.7, which will be released soon,
upstream removed support for tcp_wrappers/libwrap from the sources.
While that's bad from a compatibility point of view, the upstream
developers are adamant about this change for security reasons.
So, if you configured /etc/hosts.allow and/or /etc/hosts.deny files in
your Cygwin installation to block certain connections to your sshd
service, you will have to find other means to do that ASAP:
- Utilize the sshd_config Match rule.
- Utilize your firewall.
Hope that helps,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: HEADSUP: OpenSSH 6.7 drops tcpwrapper support
2014-08-18 11:53 HEADSUP: OpenSSH 6.7 drops tcpwrapper support Corinna Vinschen
@ 2014-08-19 18:23 ` D. Boland
2014-08-19 19:10 ` Corinna Vinschen
2014-08-19 19:05 ` Andrey Repin
1 sibling, 1 reply; 4+ messages in thread
From: D. Boland @ 2014-08-19 18:23 UTC (permalink / raw)
To: cygwin
Hi Corinna,
Corinna Vinschen wrote:
>
> Hi folks,
>
> Just a HEADSUP to all of you actively using the tcp_wrappers/libwrap
> functionality in sshd:
>
> Starting with the next OpenSSH version 6.7, which will be released soon,
> upstream removed support for tcp_wrappers/libwrap from the sources.
>
> While that's bad from a compatibility point of view, the upstream
> developers are adamant about this change for security reasons.
Can you point me to any documentation about this?
Daniel
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: HEADSUP: OpenSSH 6.7 drops tcpwrapper support
2014-08-18 11:53 HEADSUP: OpenSSH 6.7 drops tcpwrapper support Corinna Vinschen
2014-08-19 18:23 ` D. Boland
@ 2014-08-19 19:05 ` Andrey Repin
1 sibling, 0 replies; 4+ messages in thread
From: Andrey Repin @ 2014-08-19 19:05 UTC (permalink / raw)
To: Corinna Vinschen
Greetings, Corinna Vinschen!
> Starting with the next OpenSSH version 6.7, which will be released soon,
> upstream removed support for tcp_wrappers/libwrap from the sources.
> While that's bad from a compatibility point of view, the upstream
> developers are adamant about this change for security reasons.
> So, if you configured /etc/hosts.allow and/or /etc/hosts.deny files in
> your Cygwin installation to block certain connections to your sshd
> service, you will have to find other means to do that ASAP:
> - Utilize the sshd_config Match rule.
> - Utilize your firewall.
Am I correct that this will only affect SSHD access control mechanics?
Not the socket redirection?
--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 19.08.2014, <23:03>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: HEADSUP: OpenSSH 6.7 drops tcpwrapper support
2014-08-19 18:23 ` D. Boland
@ 2014-08-19 19:10 ` Corinna Vinschen
0 siblings, 0 replies; 4+ messages in thread
From: Corinna Vinschen @ 2014-08-19 19:10 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 942 bytes --]
On Aug 19 20:28, D. Boland wrote:
> Hi Corinna,
>
> Corinna Vinschen wrote:
> >
> > Hi folks,
> >
> > Just a HEADSUP to all of you actively using the tcp_wrappers/libwrap
> > functionality in sshd:
> >
> > Starting with the next OpenSSH version 6.7, which will be released soon,
> > upstream removed support for tcp_wrappers/libwrap from the sources.
> >
> > While that's bad from a compatibility point of view, the upstream
> > developers are adamant about this change for security reasons.
>
> Can you point me to any documentation about this?
No, sorry. It has been discussed briefly on the openssh-unix-dev
developer list and it was referred to as old, unmaintained, dangerous
code which calls setjmp pretty much first thing in the library code.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-08-19 19:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-18 11:53 HEADSUP: OpenSSH 6.7 drops tcpwrapper support Corinna Vinschen
2014-08-19 18:23 ` D. Boland
2014-08-19 19:10 ` Corinna Vinschen
2014-08-19 19:05 ` Andrey Repin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).