[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] mountd: Don't do tcp wrapper check when there are no rules




Warren Togami wrote:
> Steve Dickson wrote:
>> Its been point out that if there are are no rules in either
>> /etc/hosts.deny or /etc/hosts.allow there is no need to do any
>> validity checking on the incoming address.
>>
>> Unfortunately there is no interface that will easily
>> let me know if there are any rules so I simply read
>> in both files looking for non-commented lines.
>>
>> steved.
> 
> This means if somebody adds a tcp wrapper rule for something other than
> mountd, it still effects the behavior of mountd?  How does that make any
> sense?
Good point...

> 
> Why do you not see that "deny on reverse DNS failure" is not mutually
> exclusive with "enable TCP wrappers"?  This is based upon a
> MISINTERPRETATION of how tcp wrappers should behave.  You are hard
> coding policy into nfs-utils.
Please tell how I check a 'mountd: <hostname>' entry in the /etc/hosts.deny 
with only an IP address without doing a reverse name lookup?

> 
> All you need to do is make "deny on reverse DNS failure" disabled by
> default, and let the admin choose to enable it.  This would be simpler
> than your above imperfect hack as well as more correct.
This feels like a bit of hack as well... 

steved.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]