Module Name:	basesrc
Committed By:	jwise
Date:		Tue May 30 15:31:15 UTC 2000

Modified Files:
	basesrc/usr.sbin/portmap: portmap.c

Log Message:
Fix a hole in the portmap libwrap access control:  programs on a host which
had been granted access to the portmapper via hosts.{allow,deny} could use
PMAPPROC_CALLIT to call PMAPPROC_{SET,UNSET} to (un)register services as if
they were running on the local host.

The new code disallows all indirect calls to the portmapper except for
PMAPPROC_NULL unless the -i (insecure) flag has been specified.

While there, add a new flag, -p (paranoid) which also disallows indirect calls
to a small number of other services, including key parts of NFS and NIS.  This
code hardcodes the services to be disallowed, and is thus somewhat of a hack,
but will serve for the time being (until portmap is replaced by rpcbind as part
of fvdl's current rpc work, due to happen before 1.5).

Problem pointed out by Frank van der Linden <fvdl@netbsd.org>, solution determined
in discussion with Frank van der Linden and with Bill Sommerfeld <sommerfeld@netbsd.org>.
Some inspiration drawn from the (less general) handling of this problem in Wietse
Venema's libwrap'ed portmap.


To generate a diff of this commit:
cvs rdiff -r1.24 -r1.25 basesrc/usr.sbin/portmap/portmap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.