Steve Dickson írta:
Warren Togami wrote:
> Steve Dickson wrote:
>
>>> I am not saying "without doing a reverse name lookup". Just remove
the
>>> hardcoded part that makes it fatal.
>>>
>> which means the entry in /etc/hosts.deny will be ignored possibly
>> allowing
>> access to machine that should be denied.
>>
> Access control by hostname is highly imperfect and insecure to begin
> with. Haven't we learned this from rsh?
>
> How much sense does it make for someone to add every possible hostname
> to deny in /etc/hosts.deny? If they want to limit access via tcp
> wrappers, they would instead mountd: * in /etc/hosts.deny and add
> specific hosts to /etc/hosts.allow.
>
Now who is dictating policy! 8-)
The admin is... by hosts.allow and hosts.deny.
nfs-utils' rule is to obey the policy set by the admin.
> We need to accept that tcp wrappers is insecure (easy to spoof,
> unencrypted) and thus imperfect. Stop trying to add hacks to shine up
> this turd. What other services impose such a denial by default due to
> tcp wrappers? This is simply a bad idea.
>
This is not for me to say... I'm just try to get the code working with
out breaking anybody's world...
steved.