Micah Anderson wrote:
> and then soon after, you released a version 4.25 of stunnel, with this changelog entry:
> * Bugfixes - Spawning libwrap processes delayed until privileges are dropped.
> but we do not see the libwrap processes spawned as anything but the privileged user still.
> I'm sorry if I am missing something obvious here, and I appreciate your explanation!

What you're missing is an entry for stunnel 4.26:
- /etc/hosts.allow and /etc/hosts.deny no longer need to be copied
to the chrooted directory, as the libwrap processes are no longer chrooted.
Basically I received some complaints and I decided to withdraw this modification. Chrooting libwrap processes was a bad idea.
Honestly I'm sure libwrap (first released by Wietse Venema in 1990) is *a lot* more mature and secure compared to OpenSSL. In case there are any security vulnerabilities in libwrap, stunnel is the least of our problems...
Mike