Index: contrib/tcp_wrappers/hosts_options.5 =================================================================== --- contrib/tcp_wrappers/hosts_options.5 +++ contrib/tcp_wrappers/hosts_options.5 @@ -53,56 +53,6 @@ ALL: ALL: ALLOW .sp Notice the leading dot on the domain name patterns. -.SH RUNNING OTHER COMMANDS -.IP "spawn shell_command" -Execute, in a child process, the specified shell command, after -performing the % expansions described in the hosts_access(5) -manual page. The command is executed with stdin, stdout and stderr -connected to the null device, so that it won\'t mess up the -conversation with the client host. Example: -.sp -.nf -.ti +3 -spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) & -.fi -.sp -executes, in a background child process, the shell command "safe_finger --l @%h | mail root" after replacing %h by the name or address of the -remote host. -.sp -The example uses the "safe_finger" command instead of the regular -"finger" command, to limit possible damage from data sent by the finger -server. The "safe_finger" command is part of the daemon wrapper -package; it is a wrapper around the regular finger command that filters -the data sent by the remote host. -.IP "twist shell_command" -Replace the current process by an instance of the specified shell -command, after performing the % expansions described in the -hosts_access(5) manual page. Stdin, stdout and stderr are connected to -the client process. This option must appear at the end of a rule. -.sp -To send a customized bounce message to the client instead of -running the real ftp daemon: -.sp -.nf -.ti +3 -in.ftpd : ... : twist /bin/echo 421 Some bounce message -.fi -.sp -For an alternative way to talk to client processes, see the -\fIbanners\fR option below. -.sp -To run /some/other/in.telnetd without polluting its command-line -array or its process environment: -.sp -.nf -.ti +3 -in.telnetd : ... : twist PATH=/some/other; exec in.telnetd -.fi -.sp -Warning: in case of UDP services, do not twist to commands that use -the standard I/O or the read(2)/write(2) routines to communicate with -the client process; UDP requires other I/O primitives. .SH NETWORK OPTIONS .IP "keepalive" Causes the server to periodically send a message to the client. The Index: contrib/tcp_wrappers/options.c =================================================================== --- contrib/tcp_wrappers/options.c +++ contrib/tcp_wrappers/options.c @@ -81,8 +81,6 @@ static void umask_option(); /* execute "umask mask" option */ static void linger_option(); /* execute "linger time" option */ static void keepalive_option(); /* execute "keepalive" option */ -static void spawn_option(); /* execute "spawn command" option */ -static void twist_option(); /* execute "twist command" option */ static void rfc931_option(); /* execute "rfc931" option */ static void setenv_option(); /* execute "setenv name value" */ static void nice_option(); /* execute "nice" option */ @@ -119,8 +117,6 @@ "umask", umask_option, NEED_ARG, "linger", linger_option, NEED_ARG, "keepalive", keepalive_option, 0, - "spawn", spawn_option, NEED_ARG | EXPAND_ARG, - "twist", twist_option, NEED_ARG | EXPAND_ARG | USE_LAST, "rfc931", rfc931_option, OPT_ARG, "setenv", setenv_option, NEED_ARG | EXPAND_ARG, "nice", nice_option, OPT_ARG, @@ -299,17 +295,6 @@ (void) umask(mask); } -/* spawn_option - spawn a shell command and wait */ - -/* ARGSUSED */ - -static void -spawn_option(char *value, struct request_info *request) -{ - if (dry_run == 0) - shell_cmd(value); -} - /* linger_option - set the socket linger time (Marc Boucher ) */ /* ARGSUSED */ @@ -361,43 +346,6 @@ tcpd_warn("nice(%d): %m", niceval); } -/* twist_option - replace process by shell command */ - -static void -twist_option(char *value, struct request_info *request) -{ - char *error; - - if (dry_run != 0) { - dry_run = 0; - } else { - if (resident > 0) - tcpd_jump("twist option in resident process"); - - syslog(deny_severity, "twist %s to %s", eval_client(request), value); - - /* Before switching to the shell, set up stdin, stdout and stderr. */ - -#define maybe_dup2(from, to) ((from == to) ? to : (close(to), dup(from))) - - if (maybe_dup2(request->fd, 0) != 0 || - maybe_dup2(request->fd, 1) != 1 || - maybe_dup2(request->fd, 2) != 2) { - error = "twist_option: dup: %m"; - } else { - if (request->fd > 2) - close(request->fd); - (void) execl("/bin/sh", "sh", "-c", value, (char *) 0); - error = "twist_option: /bin/sh: %m"; - } - - /* Something went wrong: we MUST terminate the process. */ - - tcpd_warn(error); - clean_exit(request); - } -} - /* rfc931_option - look up remote user name */ static void