[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] mountd: Don't do tcp wrapper check when there are no rules



Steve Dickson írta:
> Warren Togami wrote:
>   
>> Steve Dickson wrote:
>>     
>>>> I am not saying "without doing a reverse name lookup".  Just remove the
>>>> hardcoded part that makes it fatal.
>>>>         
>>> which means the entry in /etc/hosts.deny will be ignored possibly
>>> allowing
>>> access to machine that should be denied.
>>>       
>> Access control by hostname is highly imperfect and insecure to begin
>> with.  Haven't we learned this from rsh?
>>
>> How much sense does it make for someone to add every possible hostname
>> to deny in /etc/hosts.deny?  If they want to limit access via tcp
>> wrappers, they would instead mountd: * in /etc/hosts.deny and add
>> specific hosts to /etc/hosts.allow.
>>     
> Now who is dictating policy! 8-)
>   

The admin is... by hosts.allow and hosts.deny.
nfs-utils' rule is to obey the policy set by the admin.

>> We need to accept that tcp wrappers is insecure (easy to spoof,
>> unencrypted) and thus imperfect.  Stop trying to add hacks to shine up
>> this turd.  What other services impose such a denial by default due to
>> tcp wrappers?  This is simply a bad idea.
>>     
> This is not for me to say... I'm just try to get the code working with
> out breaking anybody's world... 
>
> steved.
>
>   


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]