Re: /etc/hosts.deny

To: debian-user@lists.debian.org
Subject: Re: /etc/hosts.deny
From: Ethan Benson <erbenson@alaska.net>
Date: Sun, 8 Apr 2001 14:33:20 -0800
Message-id: <[🔎] 20010408143320.Q4971@plato.local.lan>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20010408130426.B1200@straylite>; from tyrin@tscnet.com on Sun, Apr 08, 2001 at 01:04:26PM -0700
References: <[🔎] 01040819070801.00730@robdesk> <[🔎] 20010408130426.B1200@straylite>

On Sun, Apr 08, 2001 at 01:04:26PM -0700, Tyrin Price wrote:
> * Robert Voigt <f1k@gmx.de> [08Apr01 19:07 +0200]:
> > I put the line 
> > ALL: ALL
> > in /etc/hosts.deny and tried to mount a directory on this machine from 
> > another one, just to see if it actually denies access to all other hosts. 
> > /etc/hosts.allow is empty. But I could still mount and access files. What's 
> > wrong here?
> 
> These access control files only work for those services run from inetd

this is not true, any service compiled with libwrap will also use
hosts.{allow,deny} such packages include openssh, mountd, statd,
portmap, and afpd.  all of these use and respect
/etc/hosts.{allow,deny} without being run from inetd

> ... nfs uses portmap.  I bet you don't have the portmapper wrapped.

yes he does, portmap in debian uses tcpwrappers without being run from
inetd (which is impossible for portmap).  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgptK8Baj30O1.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: /etc/hosts.deny
  - From: Mario Vukelic <mario.vukelic@chello.at>

References:
- /etc/hosts.deny
  - From: Robert Voigt <f1k@gmx.de>
- Re: /etc/hosts.deny
  - From: Tyrin Price <tyrin@tscnet.com>

Prev by Date: Re: Newbie Question
Next by Date: Re: How to upgrade to kernel 2.4 and ReiserFS
Previous by thread: Re: /etc/hosts.deny
Next by thread: Re: /etc/hosts.deny
Index(es):
- Date
- Thread