[PATCH] mountd: Don't do tcp wrapper check when there are no rules
Warren Togami
wtogami at redhat.com
Tue Jan 20 14:58:11 UTC 2009
Steve Dickson wrote:
> Its been point out that if there are are no rules in either
> /etc/hosts.deny or /etc/hosts.allow there is no need to do any
> validity checking on the incoming address.
>
> Unfortunately there is no interface that will easily
> let me know if there are any rules so I simply read
> in both files looking for non-commented lines.
>
> steved.
This means if somebody adds a tcp wrapper rule for something other than
mountd, it still effects the behavior of mountd? How does that make any
sense?
Why do you not see that "deny on reverse DNS failure" is not mutually
exclusive with "enable TCP wrappers"? This is based upon a
MISINTERPRETATION of how tcp wrappers should behave. You are hard
coding policy into nfs-utils.
All you need to do is make "deny on reverse DNS failure" disabled by
default, and let the admin choose to enable it. This would be simpler
than your above imperfect hack as well as more correct.
Warren Togami
wtogami at redhat.com
More information about the fedora-devel-list
mailing list