[stunnel-users] stunnel silently dies

Uffe Vedenbrant sqm at mynta.org
Tue Oct 18 21:48:15 CEST 2005


Great!

It didn't die..
I hope that this does not cause high load on servers
accepting a high number of connects per second..

/Uffe

Michal Trojnara wrote:
> "Uffe Vedenbrant" <sqm at mynta.org> wrote:
> 
>> I.e. libwrap will complain about unauthorized access and keep on 
>> running, not just die without any logging at all..
>>
>> I really cannot say however if this is a stunnel or libwrap 
>> bug/feature.. I.e. is stunnel to sensitive of what it gets back from
>> libwrap or is libwrap sending more data than needed back to stunnel..
> 
> 
> Libwrap hosts_access(3) manual claims:
>       hosts_access() consults the access  control  tables  described  in 
> the
>       hosts_access(5)  manual  page.   When  internal endpoint 
> information is
>       available, host names and client user names are looked  up  on 
> demand,
>       using the request structure as a cache.  hosts_access() returns 
> zero if
>       access  should  be  denied.
> 
> On the other hand hosts_options(5) claims:
>       twist shell_command
>              Replace the current process by  an  instance  of  the 
> specified
>              shell   command,   after  performing  the  %<letter> 
> expansions
>              described in the hosts_access(5) manual page.  Stdin, 
> stdout and
>              stderr  are  connected  to  the client process. This option 
> must
>              appear at the end of a rule.
> 
> In this case hosts_access *does not return at all*.  8-)
> 
> Good news!
> I've just modified stunnel to run libwrap as a separate process.
> Here is the beta version.  It should work fine with twist option.
> ftp://stunnel.mirt.net/stunnel/stunnel-4.13b1.tar.gz
> 
> Best regards,
>    Mike
> 
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users




More information about the stunnel-users mailing list