[PATCH] mountd: Don't do tcp wrapper check when there are no rules
Warren Togami
wtogami at redhat.com
Tue Jan 20 15:09:18 UTC 2009
Steve Dickson wrote:
>> Why do you not see that "deny on reverse DNS failure" is not mutually
>> exclusive with "enable TCP wrappers"? This is based upon a
>> MISINTERPRETATION of how tcp wrappers should behave. You are hard
>> coding policy into nfs-utils.
> Please tell me how I check a 'mountd: <hostname>' entry in the /etc/hosts.deny
> with only an IP address without doing a reverse name lookup?
I am not saying "without doing a reverse name lookup". Just remove the
hardcoded part that makes it fatal.
>
>> All you need to do is make "deny on reverse DNS failure" disabled by
>> default, and let the admin choose to enable it. This would be simpler
>> than your above imperfect hack as well as more correct.
> This feels like a bit of a hack as well...
>
You hard coded policy. How was that not a hack?
Warren Togami
wtogami at redhat.com