Re: tcpwrapped rpcbind/portmap?

From: Trevor Fiatal (trevor@seven.com)
Date: 08/15/01


Message-ID: <3B79B0BA.43E3F4E@seven.com>
Date: Tue, 14 Aug 2001 16:14:02 -0700
From: Trevor Fiatal <trevor@seven.com>
To: Geoff Collis <geoff@andale.com>
Subject: Re: tcpwrapped rpcbind/portmap?

Geoff Collis wrote:
>
> As a standard part of hardening Solaris 2.6 and Solaris 7 I would normally
> replace rpcbind and portmap with Wietse's versions
> (http://ftp.porcupine.org/pub/security/index.html) so that access to these
> is controlled by /etc/hosts.allow and /etc/hosts.deny files.
>
> I believe I need "rpcbind" to allow my secured host to NFS mount the NFS
> shares on my Network Appliance file servers.
>
> These programs are based on fairly old source, so should I still do this on
> Solaris 8?

I found the available rpcbind-replacement distributions to be
unreliable on Solaris 8. From the data uncovered in the debugging
process, plus a small amount of time spent examining the code,
it looks to me like a reimplementation of tcpwrappered rpcbind
for Solaris 8 will be required for it to work.

It's on my to-do list, but it could be a couple of months before
I get around to hacking the changes into the Sol8 rpcbind source,
and even then I'm not sure I could distribute the resulting
modified code.

-Trevor

-- 
Trevor Fiatal -- trevor@seven.com -- http://www.seven.com/
Co-Founder
Seven
510.967.4556 (work/mobile)  
510.401.8054 (vmail/fax)


