xinetd, tcpd and libwrap on RH9 and 7.2
In need to understand this in detail as I'm writing code to analyse wrapper config vulnerabilities on various *N*Xes.
As I understand it if you want to use /etc/hosts.allow(deny) on (say) Solaris, you use tcpd as a 'wrapper' to launch services in /etc/inetd.conf. Or you could link libwrap into your binary.
On RH I can't see tcpd used anywhere, but adding ALL:ALL to hosts.deny prevents access to rlogin (launched by xinetd) and sshd (launched from the init.d scripts).
As far as I can see it works the same on RH7 and RH9. On RH9 'ldd' shows libwrap linked into xinetd and sshd so I guess that makes sense. However, on RH7 ldd doesn't show libwarp as being liked into xinetd or sshd.
So here are my questions:
- How is tcpwrappers implimented on RH7?
- Can I use tcpd to launch any network service (say from the shell prompt) or just those in inetd.conf?
- Why doesn't adding to hosts.deny 'xinetd:ALL' prevent access to everything launched by xinetd? (try it..)