[PATCH] mountd: Don't do tcp wrapper check when there are no rules
Steve Dickson
SteveD at redhat.com
Tue Jan 20 15:30:43 UTC 2009
Ralf Ertzinger wrote:
> Hi.
>
> On Tue, 20 Jan 2009 10:06:05 -0500, Steve Dickson wrote:
>
>> Please tell how I check a 'mountd: <hostname>' entry in
>> the /etc/hosts.deny with only an IP address without doing a reverse
>> name lookup?
>
> You can't, and no one is denying that as far as I can see. And I'd
> actually consider this to be failing on the safe side.
>
> But, given an entry in hosts.allow like this:
>
> mountd: host.example.com 192.168.1.1
>
> denying the ip 192.168.1.1 just because it does not have a hostname
> associated with it would be just wrong.
Remember I said _matching_ IP... meaning if the above line
was in hosts.allow and client 192.168.1.1 did a mount
the client would be allow the mount without doing a lookup
because there was a matching IP address entry...
Now if client 192.168.1.2 did a mount, there would not be a
IP matching entry in hosts.allow so a lookup would be necessary
to see if a 'mountd: <hostname>' exists in hosts.deny.
Is that making sense?
steved.
More information about the fedora-devel-list
mailing list