NetBSD-Bugs archive
Re: bin/37876: rpcbind(8) and related services should be able to bind(2) to a specific interface
The following reply was made to PR bin/37876; it has been noted by GNATS.
From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: bin/37876: rpcbind(8) and related services should be able to
bind(2) to a specific interface
Date: Mon, 8 Aug 2016 04:37:09 +0000

On Sat, Jan 26, 2008 at 09:00:01AM +0000, mmondor%pulsar-zone.net@localhost wrote:
> SunRPC services all seem to bind to all interfaces.
> Considering the security issues involved using those services,
> it would be ideal if they could be bound to a specific interface
> (or various specific ones).

While in general this seems like a good idea, it's a bit more
complicated than just that. AFAICR, traditionally, the portmapper will
forward requests, with the result that any request might appear to
come from any local interface... I'm not sure if our rpcbind does that
(I would hope not) but we ought to try to get some clear answers
before proceeding.

Also, for the record these services are started from inetd so inetd is
in charge of binding:

- rpc.rquotad
- rpc.rstatd
- rpc.rusersd
- rpc.rwalld
- rpc.sprayd
- rpc.pcnfsd

so only these are started from rc.d and would need binding glop:

- rpc.bootparamd
- rpc.lockd
- rpc.statd
- rpc.yppasswdd
- ypserv

Am I forgetting any others? (Besides perhaps the nfs server in the
kernel...)

As a side note, it seems that there isn't any preconfigured way to run
pcnfsd at all; on the other hand, pcnfsd is pretty useless nowadays.
For that matter, rstatd, rusersd, rwalld, sprayd, and yppasswdd are
all pretty useless nowadays too.

--
David A. Holland
dholland%netbsd.org@localhost