[stunnel-users] stunnel silently dies
Michal Trojnara
Michal.Trojnara at mobi-com.net
Mon Oct 17 14:10:53 CEST 2005
"Uffe Vedenbrant" <sqm at mynta.org> wrote:
> I.e. libwrap will complain about unauthorized access and keep on running,
> not just die without any logging at all..
>
> I really cannot say however if this is a stunnel or libwrap bug/feature..
> I.e. is stunnel to sensitive of what it gets back from
> libwrap or is libwrap sending more data than needed back to stunnel..
Libwrap hosts_access(3) manual claims:
hosts_access() consults the access control tables described in
the
hosts_access(5) manual page. When internal endpoint information
is
available, host names and client user names are looked up on
demand,
using the request structure as a cache. hosts_access() returns zero
if
access should be denied.
On the other hand hosts_options(5) claims:
twist shell_command
Replace the current process by an instance of the
specified
shell command, after performing the %<letter>
expansions
described in the hosts_access(5) manual page. Stdin, stdout
and
stderr are connected to the client process. This option
must
appear at the end of a rule.
In this case hosts_access *does not return at all*. 8-)
Good news!
I've just modified stunnel to run libwrap as a separate process.
Here is the beta version. It should work fine with twist option.
ftp://stunnel.mirt.net/stunnel/stunnel-4.13b1.tar.gz
Best regards,
Mike
More information about the stunnel-users
mailing list