CHANGES revision 44743
Request: after building the programs, please run the `tcpdchk' wrapper
configuration checker. See the `tcpdchk.8' manual page (`nroff -man'
format) for instructions. `tcpdchk' automatically identifies the most
common configuration problems, and will save you and me a lot of time.

Changes per release 7.6 (Mar 1997)
==================================

- Improved the anti source-routing protection. The code in version
7.5 was not as strong as it could be, because I tried to be compatible
with Linux. That was a mistake. Sorry for the inconvenience.

- The program no longer terminates in case of a source-routed connection,
making the IP-spoofing code more usable for long-running daemons.

- When syslogging DNS hostname problems, always stop after a limited
number of characters.

Changes per release 7.5 (Feb 1997)
==================================

- Optionally refuse source-routed TCP connection requests altogether.
Credits to Niels Provos of Universitaet Hamburg. File: fix_options.c.

- Support for IRIX 6 (Lael Tucker).

- Support for Amdahl UTS 2.1.5 (Richard E. Richmond).

- Support for SINIX 5.42 (Klaus Nielsen).

- SCO 5 now has vsyslog() (Bill Golden).

- Hints and tips for dealing with IRIX inetd (Niko Makila, Aaron
M Lee).

- Support for BSD/OS (Paul Borman).

- Support for Tandem (Emad Qawas).

- Support for ISC (Frederick B. Cohen).

- Workaround for UNICOS - it would choke on a setjmp() expression
(Bruce Kelly).
File: hosts_access.c, tcpdchk.c.

- Increased the level of buffer overflow paranoia when printing
unwanted IP options. File: fix_options.c.

Changes per release 7.4 (Mar 1996)
==================================

- IRIX 5.3 (and possibly, earlier releases, too) library routines call
the non-reentrant strtok() routine. The result is that hosts may slip
through allow/deny filters. Workaround is to not rely on the vendor's
strtok() routine (#ifdef LIBC_CALLS_STRTOK). Credits to Th. Eifert
(Aachen University) for spotting this one. This fix supersedes the
earlier workaround for a similar problem in FreeBSD 2.0.

Changes per release 7.3 (Feb 1996)
==================================

- More tests added to tcpdchk and tcpdmatch: make sure that the
REAL_DAEMON_DIR actually is a directory and not a regular file;
detect if tcpd recursively calls itself.

- Edwin Kremer found an amusing fencepost error in the xgets()
routine: lines longer than BUFLEN characters would be garbled.

- The access control routines now refuse to execute "dangerous" actions
such as `twist' when they are called from within a resident process.
This prevents you from shooting yourself in the foot with critical
systems programs such as, e.g., portmap or rpcbind.

- Support for Unicos 8.x (Bruce Kelly). The program now closes the
syslog client socket before running the real daemon: Cray UNICOS
refuses to checkpoint processes with open network ports.

- Support for MachTen UNIX (Albert M.C Tam).

- Support for Interactive UNIX R3.2 V4.0 (Bobby D. Wright).

- Support for SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com)

- Support for Unixware 1.x and Unixware 2.x. The old Unixware Makefile
rule was broken. Sorry about that.

- Some FreeBSD 2.0 libc routines call strtok() and severely mess up the
allow/deny rule processing. This is very bad. Workaround: call our own
strtok() clone (#ifdef USE_STRSEP).

- The programs now log a warning when they detect that a non-existent
banner directory is specified.

- The hosts_access.3 manual page used obsolete names for the RQ_*
constants.

Changes per release 7.2 (Jan 1995)
==================================

- Added a note to the README and manpages on using the IDENT service to
detect sequence number spoofing and other host impersonation attacks.

- Portability: ConvexOS puts RPC version numbers before the daemon path
name (Jukka Ukkonen).

- Portability: the AIX compiler disliked the strchr() declaration
in socket.c. I should have removed it when I included <string.h>.

- Backwards compatibility: some people relied on the old leading dot or
trailing dot magic in daemon process names.

- Backwards compatibility: hostname lookup remains enabled when
-DPARANOID is turned off. In order to disable hostname lookups you
must turn off -DALWAYS_HOSTNAME.

- Eliminated false complaints from the tcpdmatch/tcpdchk configuration
checking programs about process names not in inetd.conf or about KNOWN
username patterns.

Changes per release 7.1 (Jan 1995)
==================================

- Portability: HP-UX permits you to break inetd.conf entries with
backslash-newline.

- Portability: EP/IX has no putenv() and some inetd.conf entries are
spread out over two lines.

- Portability: SCO with NIS support has no *netgrent() routines.

Changes per release 7.0 (Jan 1995)
==================================

- Added a last-minute workaround for a Solaris 2.4 gethostbyname()
foulup with multi-homed hosts in DNS through NIS mode.

- Added a last-minute defense against TLI weirdness: address lookups
apparently succeed but the result netbuf is empty (ticlts transport).

- Dropped several new solutions that were in need of a problem. Beta
testers may recognize what new features were kicked out during the last
weeks before release 7.0 came out. Such is life.

- Got rid of the environment replacement routines, at least for
most architectures. One should not have to replace working system
software when all that is needed is a 4.4BSD setenv() emulator.

- By popular request I have added an option to send banner messages to
clients. There is a Banners.Makefile that gives some aid for sites that
are going to use this feature. John C. Wingenbach did some pioneering
work here. I used to think that banners are frivolous.
Now that I had
a personal need for them I know that banners can be useful.

- At last: an extensible functional interface to the pattern matching
engine. request_init() and request_set() accept a variable-length
name-value argument list. The result can be passed to hosts_access().

- When PARANOID mode is disabled (compile time), the wrapper does no
hostname lookup or hostname double checks unless required by %letter
expansions, or by access control rules that match host names. This is
useful for sites that don't care about internet hostnames anyway.
Inspired by the authors of the firewalls and internet security book.

- When PARANOID mode is disabled (compile time), hosts with a name/name
or name/address conflict can be matched with the PARANOID host wildcard
pattern, so that you can take some intelligent action instead of just
dropping clients. Like showing a banner that explains the problem.

- New percent escapes: %A expands to the server address; %H expands to
the corresponding hostname (or address if no name is available); %n and
%N expand to the client and server hostname (or "unknown"); %s expands
to everything we know about the server endpoint (the opposite of the %c
sequence for client information).

- Symmetry: server and client host information is now treated on equal
footing, so that we can reuse a lot of code.

- Lazy evaluation of host names, host addresses, usernames, and so on,
to avoid doing unnecessary work.

- Dropping #ifdefs for some archaic systems made the code simpler.

- Dropping the FAIL pattern made the pattern matcher much simpler. Run
the "tcpdchk" program to scan your access control files for any uses of
this obscure language feature.

- Moving host-specific pattern matching from string_match() to the
host_match() routine made the code more accurate. Run the "tcpdchk"
program to scan your access control files for any dependencies on
undocumented or obscure language features that are gone.

- daemon@host patterns trigger on clients that connect to a specific
internet address. This can be useful for service providers that offer
multiple ftp or www archives on different internet addresses, all
belonging to one and the same host (www.foo.com, ftp.bar.com, you get
the idea). Inspired by a discussion with Rop Gonggrijp, Cor Bosman,
and Casper Dik, and earlier discussions with Adrian van Bloois.

- The new "tcpdchk" program criticizes all your access control rules and
inetd.conf entries. Great for spotting obscure bugs in my own hosts.xxx
files. This program also detects hosts with name/address conflicts and
with other DNS-related problems. See the "tcpdchk.8" manual page.

- The "tcpdmatch" program replaces the poor old "try" command. The new
program looks in your inetd.conf file and therefore produces much more
accurate predictions. In addition, it detects hosts with name/address
conflicts and with other DNS-related problems. See the "tcpdmatch.8"
manual page. The inetd.conf lookup was suggested by Everett F Batey.

- In the access control tables, the `=' between option name and value
is no longer required.

- Added 60-second timeout to the safe_finger command, to cover another
potential problem. Suggested by Peter Wemm.

- Andrew Maffei provided code that works with WIN-TCP on NCR System V.4
UNIX. It reportedly works with versions 02.02.01 and 02.03.00. The code
pops off all streams modules above the device driver, pushes the timod
module to get at the peer address, and then restores the streams stack
to the initial state.

Changes per release 6.3 (Mar 1994)
==================================

- Keepalives option, to get rid of stuck daemons when people turn off
their PC while still connected. Files: options.c, hosts_options.5.

- Nice option, to calm down network daemons that take away too much CPU
time. Files: options.c, hosts_options.5.

- Ultrix perversion: the environ global pointer may be null. The
environment replacement routines now check for this. File: environ.c.

- Fixed a few places that still assumed the socket is on standard
input. Fixed some error messages that did not provide access control
file name and line number. File: options.c.

- Just when I was going to release 6.2 I received code for Dynix/PTX.
That code is specific to PTX 2.x, so I'll keep around my generic
PTX code just in case. The difference is in the handling of UDP
services. Files: tli_sequent.[hc].

Changes per release 6.2 (Feb 1994)
==================================

- Resurrected my year-old code to reduce DNS load by appending a dot to
the gethostbyname() argument.
This feature is still experimental and it
may go away if it causes more problems than it solves. File: socket.c.

- Auxiliary code for the Pyramid, BSD universe. Karl Vogel figured out
what was missing: yp_get_default_domain() and vfprintf(). Files:
workarounds.c, vfprintf.c.

- Improved support for Dynix/PTX. The wrapper should now be able to
deal with all TLI over IP services. File: ptx.c.

- The try command now uses the hostname that gethostbyaddr() would
return, instead of the hostname returned by gethostbyname(). This can
be significant on systems with NIS that have short host names in the
hosts map. For example, gethostbyname("wzv.win.tue.nl") returns
"wzv.win.tue.nl"; gethostbyaddr(131.155.210.17) returns "wzv", and
that is what we should test with. File: try.c.

Changes per release 6.1 (Dec 1993)
==================================

- Re-implemented all environment access routines. Most systems have
putenv() but no setenv(), some systems have setenv() but no putenv(),
and there are even systems that have neither setenv() nor putenv(). The
benefit of all this is that more systems can now be treated in the same
way. File: environ.c.

- Workaround for a weird problem with DG/UX when the wrapper is run as
nobody (i.e. fingerd). For some reason the ioctl(fd, I_FIND, "sockmod")
call fails even with socket-based applications. The "fix" is to always
assume sockets when the ioctl(fd, I_FIND, "timod") call fails. File:
fromhost.c. Thanks to Paul de Vries (vries@dutentb.et.tudelft.nl) for
helping me to figure out this one.

- Implemented a workaround for Dynix/PTX and other systems with TLI
that lack some essential support routines. Thanks to Bugs Brouillard
(brouill@hsuseq.humboldt.edu) for the hospitality to try things out.
The trick is to temporarily switch to the socket API to identify the
client, and to switch back to TLI when done. It still does not work
right for basic network services such as telnet. File: fromhost.c.

- Easy-to-build procedures for SCO UNIX, ConvexOS with UltraNet, EP/IX,
Dynix 3.2, Dynix/PTX. File: Makefile.

- Variable rfc931 timeout. Files: rfc931.c, options.c, log_tcp.h, try.c.

- Further simplification of the rfc931 code. File: rfc931.c.

- The fromhost() interface stinks: I cannot change that, but at least
the from_sock() and from_tli() functions now accept a file descriptor
argument.

- Fixed a buglet: fromhost() would pass a garbage file descriptor to
the isastream() call.

- On some systems the finger client program lives in /usr/bsd. File:
safe_finger.c.

Changes per release 6.0 (Sept 1993)
===================================

- Easy build procedures for common platforms (sun, ultrix, aix, hpux
and others).

- TLI support, System V.4 style (Solaris, DG/UX).

- Username lookup integrated with the access control language.
Selective username lookups are now the default (was: no username
lookups).

- A safer finger command for booby traps. This one solves a host of
possible problems with automatic reverse fingers.
Thanks, Borja Marcos
(borjam@we.lc.ehu.es) for some inspiring discussions.

- KNOWN pattern that matches hosts whose name and address are known.

- Cleanup of diagnostics. Errors in access-control files are now shown
with file name and line number.

- With AIX 3.2, hostnames longer than 32 would be truncated. This
caused hostname verification failures, so that service would be refused
when paranoid mode was enabled. Found by: Adrian van Bloois
(A.vanBloois@info.nic.surfnet.nl).

- With some IRIX versions, remote username lookups failed because the
fgets() library function does not handle partial read()s from sockets.
Found by: Daniel O'Callaghan (danny@austin.unimelb.edu.au).

- Added a DISCLAIMER document to help you satisfy legal departments.

The extension language module has undergone major revisions and
extensions. Thanks, John P. Rouillard (rouilj@ra.cs.umb.edu) for
discussions, experiments, and for being a good guinea pig. The
extensions are documented in hosts_options.5, and are enabled by
editing the Makefile STYLE macro definition.

- (Extension language) The ":" separator may now occur within options
as long as it is protected with a backslash. A warning is issued when
a rule ends on ":".

- (Extension language) Better verification mode. When the `try' command
is run, each option function now explains what it would do.

- (Extension language) New "allow" and "deny" keywords so you can now
have all rules within a single file. See "nroff -man hosts_options.5"
for examples.

- (Extension language) "linger" keyword to set the socket linger time
(SO_LINGER). From: Marc Boucher <marc@cam.org>.

- (Extension language) "severity" keyword to turn the logging noise up
or down. Many sites wanted a means to shut up the program; other sites
wanted to emphasize specific events. Adapted from code contributed
by Dave Mitchell <D.Mitchell@dcs.shef.ac.uk>.

Changes per release 5.1 (Mar 1993)
==================================

- The additional protection against source-routing attacks from hosts
that pretend to have someone else's network address has become optional
because it causes kernel panics with SunOS <= 4.1.3.

Changes per release 5.0 (Mar 1993)
==================================

- Additional protection against source-routing attacks from hosts that
pretend to have someone else's network address. For example, the address
of a trusted host within your own network.

- The access control language has been extended with a simple but
powerful operator that greatly simplifies the design of rule sets (ALL:
.foo.edu EXCEPT dialup.foo.edu). Blank lines are permitted, and long
lines can be continued with backslash-newline.

- All configurable stuff, including path names, has been moved into the
Makefile so that you no longer have to hack source code to just
configure the programs.

- Ported to Solaris 2. TLI-based applications not yet supported.
Several workarounds for System V bugs.

- A small loophole in the netgroup lookup code was closed, and the
remote username lookup code was made more portable.

- Still more documentation. The README file now provides tutorial
sections with introductions to client, server, inetd and syslogd.

Changes per release 4.3 (Aug 1992)
==================================

- Some sites reported that connections would be rejected because
localhost != localhost.domain. The host name checking code now
special-cases localhost (problem reported by several sites).

- The programs now report an error if an existing access control file
cannot be opened (e.g. due to lack of privileges). Until now, the
programs would just pretend that the access control file does not exist
(reported by Darren Reed, avalon@coombs.anu.edu.au).

- The timeout period for remote userid lookups was upped to 30 seconds,
in order to cope with slow hosts or networks. If this is too long for
you, adjust the TIMEOUT definition in file rfc931.c (problem reported
by several sites).

- On hosts with more than one IP network interface, remote userid
lookups could use the IP address of the "wrong" local interface. The
problem and its solution were discussed on the rfc931-users mailing
list. Scott Schwartz (schwartz@cs.psu.edu) folded the fix into the
rfc931.c module.

- The result of % expansion (in shell commands) is now checked for
stuff that may confuse the shell; it is replaced by underscores
(problem reported by Icarus Sparry, I.Sparry@gdr.bath.ac.uk).

- A portability problem was fixed that caused compile-time problems
on a CRAY (problem reported by Michael Barnett, mikeb@rmit.edu.au).

Changes per release 4.0 (Jun 1992)
==================================

1 - network daemons no longer have to live within a common directory
2 - the access control code now uses both the host address and name
3 - an access control pattern that supports netmasks
4 - additional protection against forged host names
5 - a pattern that matches hosts whose name or address lookup fails
6 - an operator that prevents hosts or services from being matched
7 - optional remote username lookup with the RFC 931 protocol
8 - an optional umask to prevent the creation of world-writable files
9 - hooks for access control language extensions
10 - last but not least, thoroughly revised documentation.

Changes per release 3.0 (Oct 1991)
==================================

Enhancements over the previous release are: support for datagram (UDP
and RPC) services, and execution of shell commands when a (remote host,
requested service) pair matches a pattern in the access control tables.

Changes per release 2.0 (May 1991)
==================================

Enhancements over the previous release are: protection against rlogin
and rsh attacks through compromised domain name servers, optional
netgroup support for systems with NIS (formerly YP), and an extension
of the wild card patterns supported by the access control files.

Release 1.0 (Jan 1991)
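
Added example, not part of the tcp_wrappers sources: a simplified model
of the strtok() problem described under releases 7.4 and 7.3, where a
library call made while walking a rule list ends the walk early, next to
a tokenizer that keeps its position in caller-owned state. vendor_lookup(),
own_strtok(), the pattern list and the host names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical vendor library routine: it tokenizes with strtok()
 * internally and so overwrites strtok()'s single hidden position. */
static void vendor_lookup(const char *name)
{
    static char buf[64];
    char *label;

    snprintf(buf, sizeof(buf), "%s", name);
    for (label = strtok(buf, "."); label != NULL; label = strtok(NULL, "."))
        ;                               /* walk the labels of the name */
}

/* Tokenizer that keeps its position in caller-owned state. */
static char *own_strtok(char *s, const char *sep, char **state)
{
    char *start;

    if (s == NULL)
        s = *state;
    s += strspn(s, sep);                /* skip leading separators */
    if (*s == '\0') {
        *state = s;
        return NULL;
    }
    start = s;
    s += strcspn(s, sep);               /* find the end of the token */
    if (*s != '\0')
        *s++ = '\0';
    *state = s;
    return start;
}

/* Walk a pattern list with strtok(); returns 1 on a match. */
static int match_with_strtok(const char *list, const char *host)
{
    char copy[128];
    char *pat;

    snprintf(copy, sizeof(copy), "%s", list);
    for (pat = strtok(copy, ", "); pat != NULL; pat = strtok(NULL, ", ")) {
        vendor_lookup(pat);             /* library call made per pattern */
        if (strcmp(pat, host) == 0)
            return 1;
    }
    return 0;                           /* later patterns may be unseen */
}

/* Same walk, unaffected by strtok() calls made by other code. */
static int match_with_own(const char *list, const char *host)
{
    char copy[128];
    char *pat, *state;

    snprintf(copy, sizeof(copy), "%s", list);
    for (pat = own_strtok(copy, ", ", &state); pat != NULL;
         pat = own_strtok(NULL, ", ", &state)) {
        vendor_lookup(pat);
        if (strcmp(pat, host) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    const char *deny = "alpha.example, bad.example";    /* constructed */

    printf("strtok():     %d\n", match_with_strtok(deny, "bad.example"));
    printf("own_strtok(): %d\n", match_with_own(deny, "bad.example"));
    return 0;
}
```

With strtok() the second pattern is never examined, so a host listed
there is not matched; with caller-owned state the whole list is walked.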
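
Added example, not part of the tcp_wrappers sources: one way to do the
check described under release 4.3, replacing every character of a %n
expansion that is not on an allow-list with an underscore before the
command reaches the shell. expand_command(), the allow-list and the
sample host name are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allow-list: characters that /bin/sh does not interpret. */
static const char safe_chars[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789@-_=+:,./";

/* Expand %n (client host name) and %% in a shell command template.
 * Template text is written by the administrator and copied as is;
 * the expansion comes from the network and is filtered.
 * Returns 0 on success, -1 if the result does not fit, in which
 * case the caller must not run the command. */
static int expand_command(char *out, size_t outlen,
                          const char *tmpl, const char *client_name)
{
    size_t used = 0;
    const char *p;

    if (outlen == 0)
        return -1;
    for (p = tmpl; *p != '\0'; p++) {
        const char *piece = p;          /* default: one template char */
        size_t n = 1, i;
        int untrusted = 0;

        if (p[0] == '%' && p[1] == 'n') {
            piece = client_name;
            n = strlen(client_name);
            untrusted = 1;
            p++;                        /* consume the 'n' */
        } else if (p[0] == '%' && p[1] == '%') {
            p++;                        /* "%%" yields a single '%' */
        }
        if (n >= outlen - used)         /* keep room for the NUL */
            return -1;
        for (i = 0; i < n; i++) {
            char c = piece[i];

            if (untrusted && strchr(safe_chars, c) == NULL)
                c = '_';
            out[used++] = c;
        }
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char cmd[128];
    /* Constructed host name, as a hostile DNS reply might supply it. */
    const char *client = "client.example;id";

    if (expand_command(cmd, sizeof(cmd),
                       "echo %n >>/tmp/refused.log", client) == 0)
        printf("%s\n", cmd);
    return 0;
}
```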