[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] mountd: Don't do tcp wrapper check when there are no rules



Steve Dickson wrote:
Why do you not see that "deny on reverse DNS failure" is not mutually
exclusive with "enable TCP wrappers"?  This is based upon a
MISINTERPRETATION of how tcp wrappers should behave.  You are hard
coding policy into nfs-utils.
Please tell how I check a 'mountd: <hostname>' entry in the /etc/hosts.deny with only an IP address without doing a reverse name lookup?

I am not saying "without doing a reverse name lookup". Just remove the hardcoded part that makes it fatal.


All you need to do is make "deny on reverse DNS failure" disabled by
default, and let the admin choose to enable it.  This would be simpler
than your above imperfect hack as well as more correct.
This feels like a bit of hack as well...

You hard coded policy.  How was that not a hack?

Warren Togami
wtogami redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]