[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Wed, Apr 18, 2001 at 09:35:06PM +0200, Nils Jeppe wrote:
> On Wed, 18 Apr 2001, Adam McKenna wrote:
> > Oh, come on now.  Anyone who's serious about security is not using name-based
> > access lists.  For that matter, anyone who's serious about security is not
> > relying on TCP wrappers for it, because it's been shown over and over again
> > that TCP wrappers "security" can be easily defeated.  See Dan Bernstein's
> > posts to Bugtraq regarding this issue.
> I KNOW. But not everybody who runs Debian is serious enough about
> security. Why soften the defaults?

That's the point.  This _DOES_NOT_ increase security.  Anyone who believes it
does is suffering from delusions.  All it does is make life harder on
sysadmins, who, if they don't know this is enabled, may spend hours chasing
down this problem.


Adam McKenna  <adam@debian.org>  <adam@flounder.net>

Reply to: