[PATCH] mountd: Don't do tcp wrapper check when there are no rules

Warren Togami wtogami at redhat.com
Tue Jan 20 14:58:11 UTC 2009


Steve Dickson wrote:
> Its been point out that if there are are no rules in either 
> /etc/hosts.deny or /etc/hosts.allow there is no need to do any
> validity checking on the incoming address.
> 
> Unfortunately there is no interface that will easily
> let me know if there are any rules so I simply read
> in both files looking for non-commented lines.
> 
> steved.

This means if somebody adds a tcp wrapper rule for something other than 
mountd, it still effects the behavior of mountd?  How does that make any 
sense?

Why do you not see that "deny on reverse DNS failure" is not mutually 
exclusive with "enable TCP wrappers"?  This is based upon a 
MISINTERPRETATION of how tcp wrappers should behave.  You are hard 
coding policy into nfs-utils.

All you need to do is make "deny on reverse DNS failure" disabled by 
default, and let the admin choose to enable it.  This would be simpler 
than your above imperfect hack as well as more correct.

Warren Togami
wtogami at redhat.com




More information about the fedora-devel-list mailing list