Source-Changes archive


CVS commit: src



Module Name:    src
Committed By:   jwise
Date:           Mon Jan 11 20:51:09 UTC 1999

Modified Files:
        src/usr.sbin/portmap: Makefile portmap.8 portmap.c
Log Message:
Add four big changes:

* portmap is now tcp-wrapped (i.e. obeys hosts.{allow,deny})
both for lookups (as `portmap') and for forwarded calls to
specific services.

* the new -l flag, analogous to inetd -l, logs all connections
to portmap.

* the new -s flag causes portmap to suid to the user daemon
after binding its port, so that outgoing connections do
not come from privileged ports.  This prevents users from
using portmap to get a free privileged port.

* portmap now _only_ accepts SETs and UNSETs on the loopback
interface.  In the past, anyone in the world could do all
sorts of nasty things to your portmap tables.  Note that
our libc already _only_ uses the loopback interface to
register rpc ports.

This work is modeled after/partially taken from Wietse Venema's tcp-
wrapped version of the BSD 4.3 portmap.  It has benefitted greatly from my
discussions with Luke, Matt and many others.
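
The loopback-only rule for SET and UNSET in the fourth item can be sketched as a per-call policy check. This is an added example, not code from this commit or from portmap.c: the function names, the choice to treat all of 127.0.0.0/8 as loopback, and the refusal of unknown procedure numbers are assumptions, and the caller addresses are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Portmapper version 2 procedure numbers (RFC 1833), values 0..5. */
enum { PMAP_NULL, PMAP_SET, PMAP_UNSET, PMAP_GETPORT, PMAP_DUMP, PMAP_CALLIT };

/* Hypothetical helper: non-zero if the caller's IPv4 source address is in
 * 127.0.0.0/8 (an assumption of this sketch, not taken from the commit). */
static int from_loopback(const struct sockaddr *sa)
{
    if (sa == NULL || sa->sa_family != AF_INET)
        return 0;
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
    return (ntohl(sin->sin_addr.s_addr) >> 24) == 127;
}

/* Hypothetical policy: 1 = serve the call, 0 = refuse it. */
int pmap_call_allowed(const struct sockaddr *caller, uint32_t proc)
{
    switch (proc) {
    case PMAP_SET:
    case PMAP_UNSET:            /* table changes: local callers only */
        return from_loopback(caller);
    case PMAP_NULL: case PMAP_GETPORT: case PMAP_DUMP: case PMAP_CALLIT:
        return 1;               /* lookups: hosts.allow/deny check not modelled */
    default:
        return 0;               /* unknown procedure: refused in this sketch */
    }
}

/* Convenience wrapper: build a caller address from a dotted quad. */
int check(const char *ip, uint32_t proc)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1)
        return 0;
    return pmap_call_allowed((const struct sockaddr *)&sin, proc);
}

int main(void)
{
    const char *ips[] = { "127.0.0.1", "192.0.2.10" };   /* constructed */
    for (int i = 0; i < 2; i++)
        for (uint32_t p = PMAP_NULL; p <= PMAP_CALLIT; p++)
            printf("%-11s proc %u -> %s\n", ips[i], (unsigned)p,
                   check(ips[i], p) ? "serve" : "refuse");
    return 0;
}
```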



