[PATCH] mountd: Don't do tcp wrapper check when there are no rules
Steve Dickson
SteveD at redhat.com
Tue Jan 20 15:06:05 UTC 2009
Warren Togami wrote:
> Steve Dickson wrote:
>> It's been pointed out that if there are no rules in either
>> /etc/hosts.deny or /etc/hosts.allow there is no need to do any
>> validity checking on the incoming address.
>>
>> Unfortunately there is no interface that will easily
>> let me know if there are any rules so I simply read
>> in both files looking for non-commented lines.
>>
>> steved.
>
> This means if somebody adds a tcp wrapper rule for something other than
> mountd, it still affects the behavior of mountd? How does that make any
> sense?
Good point...
>
> Why do you not see that "deny on reverse DNS failure" is not mutually
> exclusive with "enable TCP wrappers"? This is based upon a
> MISINTERPRETATION of how tcp wrappers should behave. You are hard
> coding policy into nfs-utils.
Please tell me how I check a 'mountd: <hostname>' entry in the /etc/hosts.deny
with only an IP address without doing a reverse name lookup?
>
> All you need to do is make "deny on reverse DNS failure" disabled by
> default, and let the admin choose to enable it. This would be simpler
> than your above imperfect hack as well as more correct.
This feels like a bit of a hack as well...
steved.
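
The difference between the two checks discussed in this exchange, as an added example that is not part of the original message or of nfs-utils: has_any_rule() treats any non-comment line as a rule, while has_rule_for() only counts lines whose daemon list names the given daemon or ALL. Both function names and the sample file contents are hypothetical. It assumes a simplified subset of hosts_access(5): no backslash continuation or daemon@host patterns, and "ALL EXCEPT x" counts as a match, which errs toward doing the address check.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Constructed samples: a rule for sshd only, and a rule whose list names mountd. */
static const char SAMPLE_OTHER[] = "# local policy\n\nsshd: 192.0.2.\n";
static const char SAMPLE_MOUNTD[] = "# nfs\nsshd, mountd : .example.com\n";

/* Copy the next line of *p into buf without leading blanks; returns 0 at end of text. */
static int next_line(const char **p, char *buf, size_t n)
{
    size_t len;
    if (**p == '\0')
        return 0;
    *p += strspn(*p, " \t");
    len = strcspn(*p, "\n");
    snprintf(buf, n, "%.*s", (int)len, *p);
    *p += len + ((*p)[len] == '\n');
    return 1;
}

/* The check as the post describes it: any non-blank, non-comment line counts. */
int has_any_rule(const char *text)
{
    char line[256];
    while (next_line(&text, line, sizeof line))
        if (line[0] && line[0] != '#')
            return 1;
    return 0;
}

/* Narrower check: only lines whose daemon list names `daemon` or ALL. */
int has_rule_for(const char *text, const char *daemon)
{
    char line[256], *colon, *tok;
    while (next_line(&text, line, sizeof line)) {
        if (line[0] == '#' || !(colon = strchr(line, ':')))
            continue;
        *colon = '\0';
        for (tok = strtok(line, ", \t"); tok; tok = strtok(NULL, ", \t"))
            if (!strcasecmp(tok, daemon) || !strcasecmp(tok, "ALL"))
                return 1;
    }
    return 0;
}

int main(void)
{
    printf("any=%d mountd=%d\n", has_any_rule(SAMPLE_OTHER), has_rule_for(SAMPLE_OTHER, "mountd"));
    return 0;
}
```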