[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] mountd: Don't do tcp wrapper check when there are no rules

Steve Dickson wrote:
Its been point out that if there are are no rules in either /etc/hosts.deny or /etc/hosts.allow there is no need to do any
validity checking on the incoming address.

Unfortunately there is no interface that will easily
let me know if there are any rules so I simply read
in both files looking for non-commented lines.


This means if somebody adds a tcp wrapper rule for something other than mountd, it still effects the behavior of mountd? How does that make any sense?

Why do you not see that "deny on reverse DNS failure" is not mutually exclusive with "enable TCP wrappers"? This is based upon a MISINTERPRETATION of how tcp wrappers should behave. You are hard coding policy into nfs-utils.

All you need to do is make "deny on reverse DNS failure" disabled by default, and let the admin choose to enable it. This would be simpler than your above imperfect hack as well as more correct.

Warren Togami
wtogami redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]