Comment 12 for bug 235653

Charles Lepple (clepple) wrote : Re: [Bug 235653] Re: [SRU] ACL covering all IPv4 addresses is broken in 2.2.1

On Aug 26, 2008, at 8:11 PM, Steve Langasek wrote:

> Hi Charles,
>
> Well, most sysadmins that I know, including the sysadmin that is me :),
> prefer security in depth and don't want an either-or choice between
> application-level and system-level ACLs.

Understood, but at the very least, application-level ACLs are
probably better handled by something like libwrap, with a common
syntax, and a more thoroughly-inspected codebase. We don't want to
lull users into thinking that the NUT ACLs are a complete replacement
for firewall rules.

>> Note also that newer versions of NUT are dropping ACLs in favor of
>> binding to interfaces (with a failsafe default of not binding to any
>> interfaces automatically). I believe the rationale was that by binding
>> to a specific interface, there is no chance for someone to exploit any
>> potential holes in the NUT ACL code.
>
> That's not a meaningful solution for users who want to allow remote access
> from certain addresses and only have one interface.

This is starting to stray from the original issue in this bug
regarding 2.2.1. I don't want to misrepresent the intentions of the
rest of the NUT team - do you mind if I quote this message and some
history on the NUT developer list, and CC you?