Bug ID 1099755
Summary /etc/hosts.allow /etc/hosts.deny not support ssh
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware x86-64
OS openSUSE Factory
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter simon@becherer.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

wrong security feeling, because text of file
/etc/hosts.allow is wrong.

written is:

# /etc/hosts.allow                                                            
# See 'man tcpd' and 'man 5 hosts_access' for a detailed description          
# of /etc/hosts.allow and /etc/hosts.deny.                                    
#                                                                             
# short overview about daemons and servers that are built with                
# tcp_wrappers support:                                                       
#.                                                                            
# package name  |       daemon path     |       token                         
# ----------------------------------------------------------------------------
# ssh, openssh  |  /usr/sbin/sshd       |  sshd, sshd-fwd-x11, sshd-fwd-<port>
# quota         | /usr/sbin/rpc.rquotad |  rquotad                            
# tftpd         | /usr/sbin/in.tftpd    |  in.tftpd                           
# portmap       |  /sbin/portmap        |  portmap                            

at least toke sshd to allow and deny will not work any more on actual
systems (tumbleweed). (maybe others tokens also affected)
so user (as i) with low background knowlidge will feel secure if they make
settings like:

sshd : ALL : deny

sshd : 127.0.0.1 : allow
sshd : 192.168.0.30 : allow

but the system ignores this.

-> leading text and maybe manpage has to be changed!
-> or if this 2 files host.allow / hosts.deny ar complete obsolete, do not
   install it at all.

You are receiving this mail because: