On Wed, Apr 18, 2001 at 11:25:23PM -0700, Adam McKenna wrote:
> I think that the main point people are missing here is that in order for
> PARANOID to be anything other than an annoyance, it MUST co-exist with
> hostname-based rules.

*YES*, this is correct! All those making silly statements about the security added by PARANOID should read the above. Study it carefully. Think about what security *used to be* at the time tcp wrappers were invented. Consider that some implementation of rshd *did not confirm that clients' reverse maps were in any way valid* and the resultant ease of access to such rshd's. *Of course* our rshd doesn't have that problem; even more importantly, we consider .rhosts authentication useless for far more reasons than can be fixed in tcp wrappers. But we insist on dragging this relic known as PARANOID for a plethora of misbegotten reasons.

Reality check: PARANOID is *not* there to make audit trails better. At a minimum, such checks should be done with ip's. Yes, ip's can be spoofed. But spoofing dns is generally *even more trivial, with or without PARANOID.* Suggesting that dns records should be used as a basis for such checks is dangerously misleading.

Now I'm sure some people will argue that PARANOID helps the clueless who don't know that dns is trivially spoofed. But you can't have it both ways--you can't argue that PARANOID is good even though less experienced admins will have hard-to-diagnose problems, and that such admins need a lart, and then argue that PARANOID is undeniably necessary because it adds a shred of *false confidence* for clueless admins. Which of the two clueless admins is being led into *dangerous* territory?

--
Mike Stone
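
The point quoted from Adam McKenna and taken up in the message above, as an added example that is not part of the original message or of tcp wrappers: a small model of a name/address consistency check, showing that it changes the outcome only when a hostname-based rule exists and otherwise just rejects hosts with broken DNS. The DNS tables, the `decide` function and the rule are hypothetical and constructed for illustration.

```python
# Constructed DNS data for illustration; none of it comes from the original message.
PTR = {  # reverse map: address -> name claimed by whoever runs that reverse zone
    "192.0.2.10": "trusted.example.com",
    "203.0.113.7": "trusted.example.com",   # forged claim by the address owner
    "198.51.100.5": "dialup5.example.net",  # honest but misconfigured site
}
A = {    # forward map: name -> addresses published by the owner of the name
    "trusted.example.com": {"192.0.2.10"},
    "dialup5.example.net": set(),           # forward record missing
}


def name_matches_address(ip):
    """Look up the reverse name, then confirm it resolves back to ip."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, set())


def decide(ip, allowed_names, confirm):
    """Hypothetical access decision.

    allowed_names: set of hostnames for a hostname-based rule, or None
                   when the service has no hostname rule (open to all).
    confirm:       apply the name/address consistency check first.
    """
    if confirm and ip in PTR and not name_matches_address(ip):
        return "deny (name/address mismatch)"
    if allowed_names is None:
        return "allow"
    return "allow" if PTR.get(ip) in allowed_names else "deny"


def demo():
    rule = {"trusted.example.com"}
    return {
        "forged PTR, hostname rule, no check": decide("203.0.113.7", rule, False),
        "forged PTR, hostname rule, check": decide("203.0.113.7", rule, True),
        "real host, hostname rule, check": decide("192.0.2.10", rule, True),
        "broken DNS, no hostname rule, no check": decide("198.51.100.5", None, False),
        "broken DNS, no hostname rule, check": decide("198.51.100.5", None, True),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The model covers only a forged reverse zone; it does not model spoofed DNS responses, which the message argues are possible with or without the check.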