NetBSD-Bugs archive


Re: bin/37876: rpcbind(8) and related services should be able to bind(2) to a specific interface



The following reply was made to PR bin/37876; it has been noted by GNATS.

From: Matthew Mondor <mm_lists%pulsar-zone.net@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/37876: rpcbind(8) and related services should be able to
 bind(2) to a specific interface
Date: Wed, 10 Aug 2016 05:10:46 -0400

 On Mon,  8 Aug 2016 04:40:01 +0000 (UTC)
 David Holland <dholland-bugs%netbsd.org@localhost> wrote:
 
 > The following reply was made to PR bin/37876; it has been noted by
 > GNATS.
 > 
 > From: David Holland <dholland-bugs%netbsd.org@localhost>
 > To: gnats-bugs%NetBSD.org@localhost
 > Cc: 
 > Subject: Re: bin/37876: rpcbind(8) and related services should be
 > able to bind(2) to a specific interface
 > Date: Mon, 8 Aug 2016 04:37:09 +0000
 > 
 >  On Sat, Jan 26, 2008 at 09:00:01AM +0000, mmondor%pulsar-zone.net@localhost
 > wrote:
 >   > SunRPC services all seem to bind to all interfaces.
 >   > Considering the security issues involved using those services,
 >   > it would be ideal if they could be bound to a specific interface
 >   > (or various specific ones).  
 >  
 >  While in general this seems like a good idea, it's a bit more
 >  complicated than just that. AFAICR, traditionally, the portmapper
 >  will forward requests, with the result that any request might appear
 >  to come from any local interface... I'm not sure if our rpcbind does
 >  that (I would hope not) but we ought to try to get some clear answers
 >  before proceeding.
 
 I don't remember much about the sunrpc protocol (what I mostly remember
 is the portable xdr binary serialization part), so I also can't answer
 this without some reading.
 
 >  Also, for the record these services are started from inetd so inetd
 >  is in charge of binding:
 >     - rpc.rquotad
 >     - rpc.rstatd
 >     - rpc.rusersd
 >     - rpc.rwalld
 >     - rpc.sprayd
 >     - rpc.pcnfsd
 
 I personally never used any of these.
 
 >  so only these are started from rc.d and would need binding glop:
 >     - rpc.bootparamd
 >     - rpc.lockd
 >     - rpc.statd
 >     - rpc.yppasswdd
 >     - ypserv
 >
 >  For that matter, rstatd, rusersd, rwalld, sprayd, and yppasswdd are
 >  all pretty useless nowadays too.
 
 The only three I use are mountd (exports the available file systems),
 lockd (allows advisory locking over NFS) and statd, other than of
 course rpcbind and nfsd, and it's possible that statd is no longer
 necessary, I'm not sure.  The rpc.statd(8) manual page appears to
 suggest that lockd uses its monitoring features.
 
 -- 
 Matt
 

