Warren Togami wrote:
Steve Dickson wrote:
>> I am not saying "without doing a reverse name lookup". Just remove the
>> hardcoded part that makes it fatal.
> which means the entry in /etc/hosts.deny will be ignored possibly allowing
> access to machine that should be denied.
Access control by hostname is highly imperfect and insecure to begin
with. Haven't we learned this from rsh?
How much sense does it make for someone to add every possible hostname
to deny in /etc/hosts.deny? If they want to limit access via tcp
wrappers, they would instead mountd: * in /etc/hosts.deny and add
specific hosts to /etc/hosts.allow.
Now who is dictating policy! 8-)
We need to accept that tcp wrappers is insecure (easy to spoof,
unencrypted) and thus imperfect. Stop trying to add hacks to shine up
this turd. What other services impose such a denial by default due to
tcp wrappers? This is simply a bad idea.
This is not for me to say... I'm just trying to get the code working
without breaking anybody's world...
steved.