Bug 83719 - hosts.allow IPaddr/mask wrongly interpreted
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: tcp_wrappers
Version: 8.0
Hardware: i386 Linux
Priority: medium, Severity: low
Assigned To: Florian La Roche
David Lawrence
Reported: 2003-02-07 11:14 EST by Graham King
Modified: 2007-04-18 12:50 EDT
Last Closed: 2003-02-19 11:03:42 EST
Description Graham King 2003-02-07 11:14:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020830

Description of problem:
man hosts.allow says:
"An  expression of the form ‘n.n.n.n/m.m.m.m´ is interpreted as a
 ‘net/mask´ pair. An IPv4 host address is  matched  if  ‘net´  is
 equal  to  the  bitwise  AND  of the address and the ‘mask´."

However, portmap is denied to host aaa.bbb.ccc.ddd/255.255.255.255, 
suggesting that the mask is wrongly applied.


Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:

    On an NFS server host, /etc/hosts.deny contains:
ALL:ALL

/etc/hosts.allow contains (IP addresses sanitised):
portmap:ppp.qqq.rrr.sss/255.255.255.0,aaa.bbb.ccc.ddd/255.255.255.255
rpc.mountd:ppp.qqq.rrr.sss/255.255.255.0,aaa.bbb.ccc.ddd/255.255.255.255

An attempt to mount an NFS volume onto aaa.bbb.ccc.ddd gives the following in
the syslog on the NFS server host:
portmap[30168]: connect from aaa.bbb.ccc.ddd to getport(mountd): request from
unauthorized host

However, after changing the mask in hosts.allow to 255.255.255.254 the mount
attempt succeeds.

nfs-utils-1.0.1-2
tcp_wrappers-7.6-23

Additional info:
Comment 1 Thomas Woerner 2003-02-19 11:03:42 EST
This is no bug:

> man hosts.allow
    ...
    An  expression of the form ‘n.n.n.n/m.m.m.m´ is interpreted as a
    ‘net/mask´ pair. An IPv4 host address is  matched  if  ‘net´  is
    equal  to  the  bitwise  AND  of the address and the ‘mask´. For
    example,  the  net/mask   pattern   ‘131.155.72.0/255.255.254.0´
    matches  every  address  in  the  range  ‘131.155.72.0´  through
    ‘131.155.73.255´.
    ...

Do not use a net/mask pair for a single host.
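
The quoted net/mask rule, written out in C as an added example (not part of the original report or its comments, and not tcp_wrappers code). It assumes a hypothetical parser that reads dotted quads with inet_addr() and treats its INADDR_NONE return value as a parse error; under that assumption a 255.255.255.255 mask is rejected while 255.255.255.254 is accepted, which is the behaviour described in the report. The 192.0.2.x addresses are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

/* Result codes for the hypothetical matcher below. */
enum { NO_MATCH = 0, MATCH = 1, BAD_PATTERN = -1 };

/* Documented rule: an address matches if net == (address AND mask). */
static int rule_match(in_addr_t net, in_addr_t mask, in_addr_t addr)
{
    return (addr & mask) == net;
}

/*
 * String form of the rule. ASSUMPTION: dotted quads are parsed with
 * inet_addr() and INADDR_NONE is taken to mean "parse error". INADDR_NONE
 * has the same bit pattern as 255.255.255.255, so that mask cannot be told
 * apart from a malformed one and the whole pattern is rejected.
 */
static int netmask_match(const char *net_s, const char *mask_s,
                         const char *addr_s)
{
    in_addr_t addr = inet_addr(addr_s);
    in_addr_t net = inet_addr(net_s);
    in_addr_t mask = inet_addr(mask_s);

    if (addr == INADDR_NONE)
        return NO_MATCH;            /* unparsable client address */
    if (net == INADDR_NONE || mask == INADDR_NONE)
        return BAD_PATTERN;         /* pattern never matches: fails closed */
    return rule_match(net, mask, addr) ? MATCH : NO_MATCH;
}

int main(void)
{
    /* Man page example: 131.155.72.0/255.255.254.0 */
    printf("%d\n", netmask_match("131.155.72.0", "255.255.254.0", "131.155.73.255"));
    printf("%d\n", netmask_match("131.155.72.0", "255.255.254.0", "131.155.74.0"));
    /* Constructed single-host patterns */
    printf("%d\n", netmask_match("192.0.2.10", "255.255.255.255", "192.0.2.10"));
    printf("%d\n", netmask_match("192.0.2.10", "255.255.255.254", "192.0.2.10"));
    printf("%d\n", netmask_match("192.0.2.10", "255.255.255.254", "192.0.2.11"));
    return 0;
}
```

The last call shows that a 255.255.255.254 mask also admits the adjacent address, so it grants access to two hosts rather than one.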
