Comment 11 for bug 235653
Revision history for this message
| Steve Langasek (vorlon) wrote Re: [Bug 235653] Re: [SRU] ACL covering all IPv4 addresses is broken in 2.2.1 | #11 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Hi Charles,
Well, most sysadmins that I know, including the sysadmin that is me :),
prefer security in depth and don't want an either-or choice between
application-level and system-level ACLs.
> Note also that newer versions of NUT are dropping ACLs in favor of
> binding to interfaces (with a failsafe default of not binding to any
> interfaces automatically). I believe the rationale was that by binding
> to a specific interface, there is no chance for someone to exploit any
> potential holes in the NUT ACL code.
That's not a meaningful solution for users who want to allow remote access
from certain addresses and only have one interface.