RE: tcpwrapped rpcbind/portmap?
From: Sean@boran.comDate: 08/20/01
- Previous message: Steven Chansky: "RE: ipsec config problem :URGENT HELP NEEDED"
- In reply to: Casper ***: "Re: tcpwrapped rpcbind/portmap?"
- Next in thread: Trevor Fiatal: "Re: tcpwrapped rpcbind/portmap?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: <Sean@boran.com> To: "'Casper ***'" <Casper.***@Sun.COM> Subject: RE: tcpwrapped rpcbind/portmap? Date: Mon, 20 Aug 2001 23:41:47 +0200 Message-ID: <005501c129c0$ea20c3c0$091111b0@sigma>
> Wouldl it be a good idea to have a "safer" rpcbind in Solaris?
>
> If so, what would "safer" mean?
> o Not listening to the world at all optionally)
> o No indirect calls (optionally)
> o "wrapped" functionality.
>
> And which would you like best?
>
> In principle, option £2 would do away with most uncertainty
> about rpcbind
> security.
For CDE or other "local stuff" the first would be nice, for NFS the second.
But the rpc services themselves still remain a problem: statd, mountd,
lockd, etc. Perhaps a common "tcp-wrapper like access control" for all rpc
services going forward could be implemented?
my 10 centimes..
Sean
- Previous message: Steven Chansky: "RE: ipsec config problem :URGENT HELP NEEDED"
- In reply to: Casper ***: "Re: tcpwrapped rpcbind/portmap?"
- Next in thread: Trevor Fiatal: "Re: tcpwrapped rpcbind/portmap?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
