Re: [PATCH] mountd: Don't do tcp wrapper check when there are no rules

Warren Togami wrote:
> Steve Dickson wrote:
>> It's been pointed out that if there are no rules in either
>> /etc/hosts.deny or /etc/hosts.allow there is no need to do any
>> validity checking on the incoming address.
>>
>> Unfortunately there is no interface that will easily
>> let me know if there are any rules so I simply read
>> in both files looking for non-commented lines.
>>
>> steved.
> 
> This means if somebody adds a tcp wrapper rule for something other than
> mountd, it still affects the behavior of mountd?  How does that make any
> sense?
Good point...

> 
> Why do you not see that "deny on reverse DNS failure" is not mutually
> exclusive with "enable TCP wrappers"?  This is based upon a
> MISINTERPRETATION of how tcp wrappers should behave.  You are hard
> coding policy into nfs-utils.
Please tell me how I check a 'mountd: <hostname>' entry in /etc/hosts.deny
with only an IP address without doing a reverse name lookup?

> 
> All you need to do is make "deny on reverse DNS failure" disabled by
> default, and let the admin choose to enable it.  This would be simpler
> than your above imperfect hack as well as more correct.
This feels like a bit of a hack as well...

steved.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
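
The objection raised in the thread, that a rule for some other daemon would still switch on mountd's checking, can be seen by comparing the "any non-commented line" test with one that looks at each rule's daemon list. This is an added example, not code from the patch or from nfs-utils; the function names and the sample file content are hypothetical, and the daemon name `mountd` is taken from the `'mountd: <hostname>'` entry mentioned above.

```c
#include <ctype.h>
#include <string.h>

/* Constructed sample: a hosts.deny whose only rule is for sshd. */
static const char SAMPLE_DENY[] = "# constructed sample\n\nsshd: 192.0.2.\n";

/* Copy the next line of *text into buf; return its first non-blank char, NULL at end. */
static char *next_line(const char **text, char *buf, size_t size)
{
    if (**text == '\0')
        return NULL;
    size_t n = strcspn(*text, "\n");
    size_t len = n < size - 1 ? n : size - 1;   /* truncate over-long lines */
    memcpy(buf, *text, len);
    buf[len] = '\0';
    *text += n + ((*text)[n] == '\n');
    while (isspace((unsigned char)*buf))
        buf++;
    return buf;
}

/* The check as described in the thread: any non-comment line counts as a rule. */
int has_any_rule(const char *text)
{
    char buf[1024], *p;
    while ((p = next_line(&text, buf, sizeof buf)) != NULL)
        if (*p != '\0' && *p != '#')
            return 1;
    return 0;
}

/* Narrower check: does some rule's daemon list name `daemon` or the ALL wildcard?
 * Conservative: "ALL EXCEPT x" still counts; backslash continuations are ignored. */
int rules_name_daemon(const char *text, const char *daemon)
{
    char buf[1024], *p, *colon, *tok;
    while ((p = next_line(&text, buf, sizeof buf)) != NULL) {
        if (*p == '#' || (colon = strchr(p, ':')) == NULL)
            continue;                            /* comment, blank, or not a rule */
        *colon = '\0';                           /* keep only the daemon list */
        for (tok = strtok(p, ", \t"); tok; tok = strtok(NULL, ", \t")) {
            tok[strcspn(tok, "@")] = '\0';       /* daemon@host form: compare the daemon part */
            if (!strcmp(tok, daemon) || !strcmp(tok, "ALL"))
                return 1;
        }
    }
    return 0;
}
```

On the sample, `has_any_rule` reports a rule while `rules_name_daemon(..., "mountd")` does not, which is the case where an sshd-only rule would otherwise trigger address validation for mountd.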
