On Mon, Jan 19, 2004 at 04:52:19PM +0100, Josselin Mouette wrote:
> On Mon 19/01/2004 at 15:40, Marco d'Itri wrote:
> > If you feel that a listening portmap is such an unacceptable security
> > risk then have it accept only connections from localhost by default, and
> > ask admins to configure /etc/hosts.allow (like they are supposed to do
> > anyway).
>
> And then you'll break all installed servers using NFS, NIS and so on
> upon upgrade.

I'd rather see this than the proposed behavior.

You can't have it both ways... either you're trying to protect the desktop
moron, or you're trying to facilitate a server arrangement.

If the stated goal is to protect the desktop moron, then DO IT. Configure
hosts.allow and hosts.deny to allow the portmapper to be protected from
anything other than a local address. An administrator should be smart enough
to set things up properly if he needs something additional.

ANYTHING else is "more fragile".

-- 
Marc Wilson | "Those who believe in astrology are living in houses
msw@cox.net | with foundations of Silly Putty." - Dennis Rawlins,
            | astronomer
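The hosts.allow / hosts.deny arrangement the message describes, as an added example that is not part of the original post: a small audit that checks whether a pair of TCP wrappers files limits portmap to loopback. The function names `clients_for` and `portmap_local_only` are hypothetical, the sample files are constructed in a scratch directory, and the parser is deliberately simplified as noted in the comments.

```shell
#!/bin/sh
# Added example: audit TCP wrappers files for a loopback-only portmapper.
# Simplified parser: handles "daemons : clients" rules, comments and blank
# lines; EXCEPT, line continuations and IPv6 patterns are not handled.

# Print the client list of each rule in file $1 that applies to daemon $2.
clients_for() {
    [ -r "$1" ] || return 0
    awk -F: -v d="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF >= 2 {
            n = split($1, daemons, "[ \t,]+")
            for (i = 1; i <= n; i++)
                if (daemons[i] == d || daemons[i] == "ALL") { print $2; next }
        }' "$1"
}

# Succeed only if hosts.deny ($2) has a catch-all rule covering portmap and
# hosts.allow ($1) grants portmap to nothing but 127.x addresses. Numeric
# patterns only: portmap does not resolve host names for access control.
portmap_local_only() (
    set -f  # keep client patterns from being glob-expanded
    clients_for "$2" portmap | grep -Eq '^[[:space:]]*ALL[[:space:]]*$' || exit 1
    for c in $(clients_for "$1" portmap | tr ',' ' '); do
        case $c in
            127.*) ;;
            *) exit 1 ;;
        esac
    done
    exit 0
)

# Constructed sample files in a scratch directory, not the live /etc files.
tmp=$(mktemp -d)
printf 'portmap: 127.0.0.1\n' > "$tmp/hosts.allow"
printf 'portmap: ALL\n' > "$tmp/hosts.deny"
if portmap_local_only "$tmp/hosts.allow" "$tmp/hosts.deny"; then
    echo "portmap: loopback only"
else
    echo "portmap: non-local clients are not blocked"
fi
```

A host that serves NFS or NIS would add its client networks to the `portmap:` line in hosts.allow, at which point this check fails by design.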