Re: tcpwrapped rpcbind/portmap?

From: Casper Dik (Casper.Dik@Sun.COM)
Date: 08/18/01


Message-Id: <200108182123.XAA08709@romulus.Holland.Sun.COM>
To: Geoff Collis <geoff@andale.com>
Subject: Re: tcpwrapped rpcbind/portmap? 
Date: Sat, 18 Aug 2001 23:23:30 +0200
From: Casper Dik <Casper.Dik@Sun.COM>


>Reg
>
>Thanks this helps...
>
>I *should* only need to mount the NetApps via /etc/vfstab, but you know what
>happens to the best of plans! :-)
>
>I suspect I may need to run statd/lockd because these file systems are
>mounted read/write on many systems... but a little experimentation is in
>order I think.
>
>I was hoping to get comments from Casper, or Wietse on this but so far none.
>
>So far I have had only two other responses, one saying yes it works fine
>provided you use gcc-2.95.2 or later, and one saying it does not work
>reliably at all!
>

Hey, we were all at Usenix Security in Washington!

File locking does require RPCbind on the client, but I suppose you
could be fine without it.

Would it be a good idea to have a "safer" rpcbind in Solaris?

If so, what would "safer" mean?
        o Not listening to the world at all (optionally)
        o No indirect calls (optionally)
        o "wrapped" functionality.

And which would you like best?

In principle, option 2 would do away with most uncertainty about rpcbind
security.

Casper