2014-03-20 18:59 GMT+01:00 Paul Wouters <paul@xxxxxxxxx>:
On Thu, 20 Mar 2014, Lennart Poettering wrote:I'd be happy to see those go.
I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
Fedora.
Those who depend on it though, should see some "failed closed"
behaviour, so their service does not suddenly become more exposed.
Wouldn't failing closed essentially involve keeping libwrap, keeping all the callers, keeping the existing parser, only ignoring most of the rule and treating any rule matching the daemon name as DENY? At that point we might just as well keep the non-controversially-safe functionality like IP checks working.
Mirek
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct