[PATCH] mountd: Don't do tcp wrapper check when there are no rules
Steve Dickson
SteveD at redhat.com
Tue Jan 20 15:35:31 UTC 2009
Warren Togami wrote:
> Steve Dickson wrote:
>>> I am not saying "without doing a reverse name lookup". Just remove the
>>> hardcoded part that makes it fatal.
>> which means the entry in /etc/hosts.deny will be ignored possibly
>> allowing
>> access to machine that should be denied.
>
> Access control by hostname is highly imperfect and insecure to begin
> with. Haven't we learned this from rsh?
>
> How much sense does it make for someone to add every possible hostname
> to deny in /etc/hosts.deny? If they want to limit access via tcp
> wrappers, they would instead mountd: * in /etc/hosts.deny and add
> specific hosts to /etc/hosts.allow.
Now who is dictating policy! 8-)
>
> We need to accept that tcp wrappers is insecure (easy to spoof,
> unencrypted) and thus imperfect. Stop trying to add hacks to shine up
> this turd. What other services impose such a denial by default due to
> tcp wrappers? This is simply a bad idea.
This is not for me to say... I'm just try to get the code working with
out breaking anybody's world...
steved.
More information about the devel
mailing list