[PATCH] mountd: Don't do tcp wrapper check when there are no rules
Steve Dickson
SteveD at redhat.com
Tue Jan 20 15:14:59 UTC 2009
Warren Togami wrote:
> Steve Dickson wrote:
>>> Why do you not see that "deny on reverse DNS failure" is not mutually
>>> exclusive with "enable TCP wrappers"? This is based upon a
>>> MISINTERPRETATION of how tcp wrappers should behave. You are hard
>>> coding policy into nfs-utils.
>> Please tell how I check a 'mountd: <hostname>' entry in the
>> /etc/hosts.deny with only an IP address without doing a reverse name
>> lookup?
>
> I am not saying "without doing a reverse name lookup". Just remove the
> hardcoded part that makes it fatal.
which means the entry in /etc/hosts.deny will be ignored possibly allowing
access to machine that should be denied.
steved.
More information about the fedora-devel-list
mailing list