This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: cygwin-1.7, sshd, tcpd, and IPv6/Vista


On Tue, 30 Dec 2008, Charles Wilson wrote:

So, the "allow" entries in hosts.allow are really only enabling access
form the actual "127.0.0.1" aka "::1" machine -- that is, the actual
local host.  They do not REALLY enable access from those bad guys that
spybot maps to localhost.

Can anybody think of an alternate explanation (perhaps this is a bug in
cygwin-1.7's resolver code, or a bug I haven't spotted in tcpd?) Am I
being too blase' about modifying hosts.allow as

ALL : 127.0.0.1/32 : allow
ALL : [::1]/128 : allow
ALL : PARANOID : deny
sshd: all

or, am I right that doing so is perfectly safe even with a munged up
hosts file -- and if so, should I modify the default hosts.allow shipped
with tcp_wrappers?

It's perfecty valid. FreeBSD's default /etc/hosts.allow is setup that way so you're in good company.



Antonio Querubin whois: AQ7-ARIN

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]