83846 – RFE: prefer TCP wrapper for denying access

Bug 83846 - RFE: prefer TCP wrapper for denying access

Summary: RFE: prefer TCP wrapper for denying access

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	rhl-rg
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Johnray Fuller
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	89274
TreeView+	depends on / blocked

Reported:	2003-02-09 19:43 UTC by Michael Redinger
Modified:	2007-04-18 16:50 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-06-30 19:42:17 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Michael Redinger 2003-02-09 19:43:05 UTC

Red Hat Linux Reference Guide 8.0.93
Page 112f (9.4.3.2. Access Control Options)
Add a note that it's almost always better to not use control options
in xinetd but rely on hosts.(allow|deny) instead.
In hosts.deny you can block everything with ALL: ALL and then allow
the required services in hosts.allow.
If you use only_from or no_access in the xinetd configuration files, you
miss those programs that are not started using xinetd but are also using
TCP wrappers. Mixing both is obviousely a bad idea, so use
hosts.(allow|deny) instead.

Comment 1 Johnray Fuller 2003-02-12 07:49:37 UTC

There is talk of changing TCP wrappers infrastructure, so I did not "go there." 

I will leave this as an RFE for next round.

Thanks again.

Johnray

Comment 2 Johnray Fuller 2003-06-30 19:42:17 UTC

I have added this information to the most recent version.

This chapter will be on the Docs Beta CD and in the final product.

J

Note You need to log in before you can comment on or make changes to this bug.