On Fri, Aug 22, 2008 at 6:26 PM, Steve Langasek wrote:
> So since denying appears to be the default, it seems that the only case
> broken by this is giving all IP addresses access to nut. Is this ever
> really a good idea? Or have I overlooked some other reason that this
> makes sense?

Steve,

Sorry to jump in again, but I know that a lot of sysadmins prefer to centralize their access control rules at the OS level, rather than deal with the nuances of each application's ACLs. In that situation, an all-open ACL is acceptable, since the OS (in this case, iptables/netfilter) would have finer-grained control.

Note also that newer versions of NUT are dropping ACLs in favor of binding to interfaces (with a failsafe default of not binding to any interfaces automatically). I believe the rationale was that by binding to a specific interface, there is no chance for someone to exploit any potential holes in the NUT ACL code.

Hope that helps.

--
- Charles Lepple

--
[SRU] ACL covering all IPv4 addresses is broken in 2.2.1
https://bugs.launchpad.net/bugs/235653
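As an added example (not part of the original message and not NUT's own code), a small Python check for the two setups described above: it flags an ACCEPTed catch-all ACL, where filtering is left to the host firewall, and a LISTEN on the wildcard address. The `ACL`/`ACCEPT` and `LISTEN` directive syntax, port 3493 and both sample configurations are assumptions constructed for illustration; rule ordering and `REJECT` are not evaluated.

```python
import ipaddress

# Constructed sample upsd.conf contents (not taken from the bug report).
OLD_STYLE = """\
ACL all 0.0.0.0/0
ACL localhost 127.0.0.1/32
ACCEPT localhost
ACCEPT all        # all-open: relies on iptables/netfilter for filtering
"""
NEW_STYLE = """\
LISTEN 127.0.0.1 3493
LISTEN 192.0.2.10
"""


def audit_upsd_conf(text):
    """Return findings about network exposure in upsd.conf-style text."""
    acls, accepted, listens = {}, [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        key, args = fields[0].upper(), fields[1:]
        if key == "ACL" and len(args) == 2:
            # strict=False tolerates host bits set in the network address
            acls[args[0]] = ipaddress.ip_network(args[1], strict=False)
        elif key == "ACCEPT":
            accepted.extend(args)
        elif key == "LISTEN" and args:
            listens.append(ipaddress.ip_address(args[0]))

    findings = []
    for name in accepted:
        net = acls.get(name)
        if net is not None and net.prefixlen == 0:
            findings.append(f"ACCEPT {name}: {net} admits every address; "
                            "filtering must happen in the host firewall")
    for addr in listens:
        if addr.is_unspecified:   # 0.0.0.0 or ::
            findings.append(f"LISTEN {addr}: binds every interface")
    return findings


if __name__ == "__main__":
    for label, conf in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        print(label, audit_upsd_conf(conf) or "no findings")
```
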