Re: [PATCH] mountd: Don't do tcp wrapper check when there are no rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Steve Dickson wrote:
Its been point out that if there are are no rules in either /etc/hosts.deny or /etc/hosts.allow there is no need to do any 
validity checking on the incoming address.

Unfortunately there is no interface that will easily
let me know if there are any rules so I simply read
in both files looking for non-commented lines.

steved.
This means if somebody adds a tcp wrapper rule for something other than mountd, it still effects the behavior of mountd? How does that make any sense?
Why do you not see that "deny on reverse DNS failure" is not mutually exclusive with "enable TCP wrappers"? This is based upon a MISINTERPRETATION of how tcp wrappers should behave. You are hard coding policy into nfs-utils.
All you need to do is make "deny on reverse DNS failure" disabled by default, and let the admin choose to enable it. This would be simpler than your above imperfect hack as well as more correct. 

Warren Togami
wtogami@xxxxxxxxxx

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux