[nsd-users] allow-notify on localhost
Mark Santcroos
mark at NLnetLabs.nl
Tue Sep 18 10:24:54 UTC 2007
Hi Farkas,

Farkas Levente wrote:
> Mark Santcroos wrote:
>>> Or even make it implicit to always
>>> allow this from localhost (if you can't trust localhost, you have more
>>> problems)
>> For security reasons, and no really good reasons in favour of it, we
>> won't make it trust localhost by default.
>
> can you explain it a little bit more detailed?

On multiuser systems you can't (always) trust access from localhost.
In theory, accepting notifies should indeed not be a problem, but
because it accepts packets from the wire there is always a chance that
there is a bug in the handling of it.
Therefore we don't want to make that the default for everyone.

Does this make it more clear?

Regards,
Mark

--
Mark Santcroos
NLnet Labs
http://www.nlnetlabs.nl/