Steve Dickson írta: > Warren Togami wrote: > >> Steve Dickson wrote: >> >>>> I am not saying "without doing a reverse name lookup". Just remove the >>>> hardcoded part that makes it fatal. >>>> >>> which means the entry in /etc/hosts.deny will be ignored possibly >>> allowing >>> access to machine that should be denied. >>> >> Access control by hostname is highly imperfect and insecure to begin >> with. Haven't we learned this from rsh? >> >> How much sense does it make for someone to add every possible hostname >> to deny in /etc/hosts.deny? If they want to limit access via tcp >> wrappers, they would instead mountd: * in /etc/hosts.deny and add >> specific hosts to /etc/hosts.allow. >> > Now who is dictating policy! 8-) > The admin is... by hosts.allow and hosts.deny. nfs-utils' rule is to obey the policy set by the admin. >> We need to accept that tcp wrappers is insecure (easy to spoof, >> unencrypted) and thus imperfect. Stop trying to add hacks to shine up >> this turd. What other services impose such a denial by default due to >> tcp wrappers? This is simply a bad idea. >> > This is not for me to say... I'm just try to get the code working with > out breaking anybody's world... > > steved. > > -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
