Steve Dickson wrote:
>> I am not saying "without doing a reverse name lookup". Just remove the
>> hardcoded part that makes it fatal.
> which means the entry in /etc/hosts.deny will be ignored possibly allowing
> access to machine that should be denied.
Access control by hostname is highly imperfect and insecure to begin
with. Haven't we learned this from rsh?
How much sense does it make for someone to add every possible hostname
to deny in /etc/hosts.deny? If they want to limit access via tcp
wrappers, they would instead put mountd: * in /etc/hosts.deny and add
specific hosts to /etc/hosts.allow.
We need to accept that tcp wrappers is insecure (easy to spoof,
unencrypted) and thus imperfect. Stop trying to add hacks to shine up
this turd. What other services impose such a denial by default due to
tcp wrappers? This is simply a bad idea.
Warren Togami
wtogami@xxxxxxxxxx