Differential D41921

tcp_wrappers: remove "spawn" and "twist" options
Needs RevisionPublic
Actions

Authored by emaste on Sep 20 2023, 1:00 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sat, Oct 19, 3:23 PM

	Unknown Object (File)
	Oct 8 2024, 12:19 PM

	Unknown Object (File)
	Oct 3 2024, 7:12 PM

	Unknown Object (File)
	Oct 1 2024, 3:22 PM

	Unknown Object (File)
	Sep 24 2024, 2:57 AM

	Unknown Object (File)
	Sep 18 2024, 10:11 AM

	Unknown Object (File)
	Sep 7 2024, 3:34 PM

	Unknown Object (File)
	Sep 7 2024, 1:31 PM

View All 25 Files

Subscribers

Details

Reviewers

glebius
bz

Group Reviewers

secteam

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

emaste requested review of this revision.Sep 20 2023, 1:00 PM

emaste created this revision.

emaste mentioned this in D41620: Handbook WG - Security.Sep 20 2023, 1:06 PM

Given this is a public review, can you please explain why? Spawn is very helpful for a lot of things and I can only assume the problem is "security" to remove it?

This revision now requires changes to proceed.Sep 20 2023, 1:20 PM

Sorry didn't mean to veto as secteam; removed myself from that group.

Ok. I give up on Phab today

Yep, what's the rationale?

Things I know people did (some predate AUDIT) and do with spawn:

write custom logs for certain services
seed further systems with information
trigger events into other "audit" systems
simply send a notification email on service access

A lot of these things could probably be done by syslog log file post-processing but the reliability of that in some cases wasn't good enough.

Revision Contents
Changeset List

Path

Size

contrib/

tcp_wrappers/

hosts_options.5

50 lines

options.c

52 lines

Diff 127566

View Options

contrib/tcp_wrappers/hosts_options.5