Warren Togami wrote:
Steve Dickson wrote:
> It's been pointed out that if there are no rules in either
> /etc/hosts.deny or /etc/hosts.allow there is no need to do any
> validity checking on the incoming address.
>
> Unfortunately there is no interface that will easily
> let me know if there are any rules so I simply read
> in both files looking for non-commented lines.
>
> steved.
This means if somebody adds a tcp wrapper rule for something other than
mountd, it still affects the behavior of mountd? How does that make any
sense?
Good point...
Why do you not see that "deny on reverse DNS failure" is not mutually
exclusive with "enable TCP wrappers"? This is based upon a
MISINTERPRETATION of how tcp wrappers should behave. You are hard
coding policy into nfs-utils.
Please tell me how I check a 'mountd: <hostname>' entry in the /etc/hosts.deny
with only an IP address without doing a reverse name lookup?
All you need to do is make "deny on reverse DNS failure" disabled by
default, and let the admin choose to enable it. This would be simpler
than your above imperfect hack as well as more correct.
This feels like a bit of a hack as well...
steved.
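
The difference between the check described in the thread (any non-commented line in either file) and a check limited to rules that name mountd, as an added example that is not code from nfs-utils or from either poster. The function names `next_rule`, `has_any_rule` and `has_rule_for` are hypothetical, the sample file content is constructed, and the daemon-list parsing is simplified: names are compared case-insensitively, backslash continuations are not joined, and `EXCEPT` is not interpreted.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: the file has rules, but none of them is for mountd. */
static const char SAMPLE_DENY[] = "# constructed sample\n\nsshd, vsftpd: ALL\n";

/* Copy the next non-blank, non-comment line into buf; NULL when none is left. */
static const char *next_rule(const char *p, char *buf, size_t n)
{
    while (*p) {
        size_t i = 0;
        while (*p == ' ' || *p == '\t') p++;
        for (; *p && *p != '\n'; p++) if (i + 1 < n) buf[i++] = *p;
        buf[i] = '\0';
        if (*p == '\n') p++;
        if (i > 0 && buf[0] != '#') return p;
    }
    return NULL;
}

/* The check described in the thread: is there any rule at all? */
int has_any_rule(const char *text)
{
    char line[512];
    return next_rule(text, line, sizeof line) != NULL;
}

/* Narrower check: does some rule's daemon list name `daemon` or ALL?
 * Simplified: no backslash continuations; EXCEPT is not interpreted. */
int has_rule_for(const char *text, const char *daemon)
{
    char line[512], *colon, *tok, *at;
    while ((text = next_rule(text, line, sizeof line)) != NULL) {
        if ((colon = strchr(line, ':')) == NULL) continue;
        *colon = '\0';  /* keep only the daemon list */
        for (tok = strtok(line, ", \t"); tok; tok = strtok(NULL, ", \t")) {
            if ((at = strchr(tok, '@')) != NULL) *at = '\0';  /* daemon@host form */
            if (!strcasecmp(tok, daemon) || !strcasecmp(tok, "ALL")) return 1;
        }
    }
    return 0;
}

int main(void)
{
    printf("%d %d\n", has_any_rule(SAMPLE_DENY), has_rule_for(SAMPLE_DENY, "mountd"));
    return 0;
}
```

On the constructed sample the first check reports rules present while the second reports none for mountd, which is the case raised in the thread about a rule for another daemon changing mountd's behavior.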