Warren Togami wrote: > Steve Dickson wrote: >>> I am not saying "without doing a reverse name lookup". Just remove the >>> hardcoded part that makes it fatal. >> which means the entry in /etc/hosts.deny will be ignored possibly >> allowing >> access to machine that should be denied. > > Access control by hostname is highly imperfect and insecure to begin > with. Haven't we learned this from rsh? > > How much sense does it make for someone to add every possible hostname > to deny in /etc/hosts.deny? If they want to limit access via tcp > wrappers, they would instead mountd: * in /etc/hosts.deny and add > specific hosts to /etc/hosts.allow. Now who is dictating policy! 8-) > > We need to accept that tcp wrappers is insecure (easy to spoof, > unencrypted) and thus imperfect. Stop trying to add hacks to shine up > this turd. What other services impose such a denial by default due to > tcp wrappers? This is simply a bad idea. This is not for me to say... I'm just try to get the code working with out breaking anybody's world... steved. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
