netbsd-bugs: Re: bin/30479: named should use libwrap/hosts

Subject: Re: bin/30479: named should use libwrap/hosts_access
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Greg A. Woods <woods@planix.com>
List: netbsd-bugs
Date: 06/16/2005 04:44:04

The following reply was made to PR bin/30479; it has been noted by GNATS.

From: "Greg A. Woods" <woods@planix.com>
To: NetBSD GNATS submissions and followups <gnats-bugs@netbsd.org>
Cc: 
Subject: Re: bin/30479: named should use libwrap/hosts_access
Date: Thu, 16 Jun 2005 00:43:09 -0400 (EDT)

 [ On Thursday, June 9, 2005 at 09:53:00 (+0000), paul@Plectere.com wrote: ]
 > Subject: bin/30479: named should use libwrap/hosts_access
 >
 > 	Note that named does not use libwrap/hosts_access - which would/could
 > 	be very useful in blocking exploitation attempts.

 BIND-8 and newer has support for its own internal ACLs.

 (and besides, true protection can only come from outside a program,
 e.g. with IPF or PF)

 -- 
 						Greg A. Woods
 						Planix, Inc.

 <woods@planix.com>     +1 416 489-5852 x122     http://www.planix.com/