Subject: Re: My prayers have been heared!
To: None <hubert.feyrer@informatik.fh-regensburg.de>
From: Jim Wise <jwise@draga.com>
List: netbsd-advocacy
Date: 12/17/1999 10:31:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 17 Dec 1999, Hubert Feyrer wrote:

>Tell your friend to that it works on stock NetBSD 1.4.1/i386, if you
>install the suse_linux package, and start portmap with the "-i" flag
>(important). I have no problems with Pg Up etc. keys here either.

_Please_, if you use portmap with -i set, be sure to use
hosts.{allow,deny} or ipf to restrict access to the portmapper -- -i
causes a reversion to the historical behavior of allowing rpc services
to be registered or unregistered by remote hosts, which is a _very_ bad
idea if you are using portmap for any real purpose on the machine.

What I suspect is that the linux rpc library calls are still using the
historical method here -- our rpc implementation strictly use the
loopback interface for this purpose.  Of course, that would mean poor
security practices in the linux (or rather glibc) codebase, which I find
very hard to believe ;-) ...

>[Insert rant about quality of Linux and superiority of NetBSD here :-]

Ditto.

- -- 
				Jim Wise
				jwise@draga.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOFpXPC2NgFbJL33VEQLFPgCfZImxLhK6gdVPEY/gYP3yUxZqPY0AnjZJ
ko9eMu9KuhHRZNnonPoFlFqi
=gYG5
-----END PGP SIGNATURE-----