Re: access control for mountd, statd, and lockd?

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: access control for mountd, statd, and lockd?
From: Steven Bellovin <smb%cs.columbia.edu@localhost>
Date: Sun, 7 Feb 2010 12:19:31 -0500

On Feb 7, 2010, at 12:13 PM, Thor Lancelot Simon wrote:

> On Sun, Feb 07, 2010 at 12:09:28PM -0500, Steven Bellovin wrote:
>> 
>> Is there any way to do strong access control on mountd, statd, and
>> lockd?  For mountd, it appears that I can specify a specific port
>> number, which I can then wall off with ipfilter.  I see no way to do
>> anything similar for statd and lockd -- am I missing something?
> 
> The NFS and mount services are special-cased in the RPC standard: they
> have static port numbers.

mountd also has a -p option to specify a port number.
> 
> That's not true for statd nor lockd.  So I think what you're trying to
> do is not going to work well.

Right.  Are there other choices that I'm missing?

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: access control for mountd, statd, and lockd?
  - From: Matthias Scheler
- Re: access control for mountd, statd, and lockd?
  - From: Thor Lancelot Simon

References:
- access control for mountd, statd, and lockd?
  - From: Steven Bellovin
- Re: access control for mountd, statd, and lockd?
  - From: Thor Lancelot Simon

Prev by Date: Re: access control for mountd, statd, and lockd?
Next by Date: Re: access control for mountd, statd, and lockd?
Previous by Thread: Re: access control for mountd, statd, and lockd?
Next by Thread: Re: access control for mountd, statd, and lockd?
Indexes:

Home | Main Index | Thread Index | Old Index