[stunnel-users] stunnel silently dies

Michal Trojnara Michal.Trojnara at mobi-com.net
Mon Oct 17 14:10:53 CEST 2005


"Uffe Vedenbrant" <sqm at mynta.org> wrote:
> I.e. libwrap will complain about unauthorized access and keep on running, 
> not just die without any logging at all..
>
> I really cannot say however if this is a stunnel or libwrap bug/feature..
> I.e. is stunnel too sensitive of what it gets back from
> libwrap or is libwrap sending more data than needed back to stunnel..

Libwrap hosts_access(3) manual claims:
       hosts_access() consults the access control tables described in the
       hosts_access(5) manual page.  When internal endpoint information is
       available, host names and client user names are looked up on demand,
       using the request structure as a cache.  hosts_access() returns zero if
       access should be denied.

On the other hand hosts_options(5) claims:
       twist shell_command
              Replace the current process by an instance of the specified
              shell command, after performing the %<letter> expansions
              described in the hosts_access(5) manual page.  Stdin, stdout and
              stderr are connected to the client process. This option must
              appear at the end of a rule.

In this case hosts_access *does not return at all*.  8-)

Good news!
I've just modified stunnel to run libwrap as a separate process.
Here is the beta version.  It should work fine with the twist option.
ftp://stunnel.mirt.net/stunnel/stunnel-4.13b1.tar.gz

Best regards,
    Mike
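
Added example, not part of the original message and not stunnel's own code: a sketch of the general pattern of running an access check that may never return (as with the twist option quoted above) in a child process, so the caller keeps running and fails closed. fake_hosts_access(), the rule enum and isolated_access_check() are hypothetical stand-ins; no libwrap call is made.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum rule { RULE_ALLOW, RULE_DENY, RULE_TWIST };  /* constructed sample rules */

/* Hypothetical stand-in for hosts_access(): 1 = allow, 0 = deny. For a
 * "twist" rule it replaces the calling process and never returns. */
static int fake_hosts_access(enum rule r)
{
    if (r == RULE_TWIST) {
        execl("/bin/sh", "sh", "-c", "exit 0", (char *)NULL);
        _exit(127);                          /* exec itself failed */
    }
    return r == RULE_ALLOW;
}

/* Run the check in a child so the caller survives a check that never
 * returns. Returns 1 only if the child explicitly reported "allow". */
int isolated_access_check(enum rule r)
{
    int fds[2];
    char verdict = 0;
    if (pipe(fds) == -1)
        return 0;                            /* fail closed */
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]); close(fds[1]);
        return 0;
    }
    if (pid == 0) {                          /* child: the only place the check runs */
        close(fds[0]);
        fcntl(fds[1], F_SETFD, FD_CLOEXEC);  /* exec'd command loses the verdict pipe */
        verdict = fake_hosts_access(r) ? 'A' : 'D';
        _exit(write(fds[1], &verdict, 1) == 1 ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &verdict, 1);   /* 0 = EOF: the check never returned */
    close(fds[0]);
    waitpid(pid, NULL, 0);                   /* reap the child */
    return n == 1 && verdict == 'A';
}

int main(void)
{
    printf("allow=%d deny=%d twist=%d\n", isolated_access_check(RULE_ALLOW),
           isolated_access_check(RULE_DENY), isolated_access_check(RULE_TWIST));
    return 0;
}
```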



