Bugzilla – Full Text Bug Listing
| Summary: | very long lines in /etc/host.deny cause clients be accepted | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE LINUX 10.0 | Reporter: | Michal Marek <mmarek> |
| Component: | Network | Assignee: | Petr Ostadal <postadal> |
| Status: | RESOLVED INVALID | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Minor | ||
| Priority: | P5 - None | ||
| Version: | Beta 1 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| Found By: | Component Test | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | a long line with DENY, which in fact allows access | ||
Created attachment 46325
a long line with DENY, which in fact allows access
An example
This behaviour has been used on all platforms with tcp_wrapper for a long time, and changing it may confuse current administrators. For checking config files, they have to use the tcpdchk utility (man tcpdchk(8)).
If there is a _very_ long line (2048 bytes) in /etc/host.{allow,deny}, the library allows connections regardless of the line. Just a warning is sent to syslog. A more reasonable behavior would be to deny connections when the config file cannot be parsed. Of course, the config file is created by the system administrator, so it's his responsibility to test the configuration. And such a long line will rarely be needed.
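
The fail-open behaviour reported above, next to the fail-closed alternative the report proposes, as an added example that is not part of the bug report and is not libwrap's code. The names `scan_rules`, `is_denied` and `sample_deny_file`, the prefix-only rule matching and the use of a 2048-byte read buffer are assumptions for illustration; the sample deny file is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUFLEN 2048 /* line limit quoted in the report; assumed buffer size */
enum verdict { NO_MATCH, MATCH, PARSE_ERROR };

/* Find a rule starting with "<daemon>:" or "ALL:" (client lists are not
 * evaluated here). A line that overflows BUFLEN is skipped when strict == 0
 * and reported as PARSE_ERROR when strict != 0. */
enum verdict scan_rules(FILE *fp, const char *daemon, int strict)
{
    char line[BUFLEN];
    size_t dlen = strlen(daemon);
    while (fgets(line, sizeof line, fp) != NULL) {
        size_t n = strlen(line);
        if (n == sizeof line - 1 && line[n - 1] != '\n') { /* truncated */
            int c;
            if (strict)
                return PARSE_ERROR;
            while ((c = fgetc(fp)) != EOF && c != '\n')
                ; /* discard the rest of the oversized line */
            continue;
        }
        if (strncmp(line, "ALL:", 4) == 0 ||
            (strncmp(line, daemon, dlen) == 0 && line[dlen] == ':'))
            return MATCH;
    }
    return NO_MATCH;
}

/* Deny-list decision: a match denies; strict mode also denies on error. */
int is_denied(FILE *fp, const char *daemon, int strict)
{
    enum verdict v = scan_rules(fp, daemon, strict);
    return v == MATCH || v == PARSE_ERROR;
}

/* Constructed sample: a single "ALL:" rule listing `hosts` addresses. */
FILE *sample_deny_file(int hosts)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    fputs("ALL: ", fp);
    for (int i = 0; i < hosts; i++)
        fprintf(fp, "192.0.2.%d%s", i % 256, i + 1 < hosts ? ", " : "\n");
    rewind(fp);
    return fp;
}
```

With 400 addresses the single deny rule exceeds the buffer, so the lenient scan drops it and finds nothing to deny, while the strict scan refuses on the parse error.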