NFS tcp wrapper situation
Warren Togami
wtogami at redhat.com
Wed Jan 21 23:11:31 UTC 2009
Ric Wheeler wrote:
>
> I don't disagree with the best way to use it as you suggest, but the
> specific issue is for those who (naively?) put a hostname into the deny
> file. I don't think that we can assume that users will always do the
> optimal thing :-)
Exactly the same thing can be said about misconfiguration with iptables.
Why is misconfigured tcp wrappers important enough to second guess,
while misconfigured iptables is not?
This is one of the key reasons why this is NOT A BUG, and it does not
belong in nfs-utils upstream.
If the concern is for the behavior to match the man page, the man page
should have big fat warnings, it NEVER a good idea to use hostnames in
/etc/hosts.deny.
Warren Togami
wtogami at redhat.com
More information about the fedora-devel-list
mailing list