Re: tcpwrapped rpcbind/portmap?

From: Hal Flynn (flynn@securityfocus.com)
Date: 08/21/01


Date: Mon, 20 Aug 2001 16:44:10 -0600 (MDT)
From: Hal Flynn <flynn@securityfocus.com>
To: <focus-sun@securityfocus.com>
Subject: Re: tcpwrapped rpcbind/portmap?
Message-ID: <Pine.GSO.4.30.0108201641160.23536-100000@mail>


> Absolutely. The lack of ACL enforcement within the stock Solaris
> rpcbind makes its use problematic in a security-sensitive environment.

How so? Is it not possible to access any service that uses rpc directly
anyways? :>

Case in point, sadmin. It's entirely possible to write a scanning tool
(there may already be one I don't know of) that assesses services
listening on ephemeral ports, and through protocol analysis discovers what
kind of service it is. Even so, a host-based firewall is likely to be
more secure than one particular daemon with access control. Combined with
layers of access control above it à la network firewall, router ACLs, etc.

Perhaps I'm just a draconian BOFH type, but for systems that are
production and in a DMZ, the only good rpc is no rpc.

In short, or at least in my opinion, if you're betting the farm on a more
secure rpcbind...well let me just say the cows and chickens are going to
gang up on you one night while you're sleeping.

Hal Flynn
Sun/Linux Focus Area Manager
SecurityFocus

"Work makes life sweet."
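
The point made in the message above, that RPC services listening on their own ports stay reachable whatever rpcbind itself enforces, can be checked on a host by comparing what is registered with what the host firewall drops. This is an added example, not part of the original post: the `rpcinfo -p` sample, its port numbers and the blocked-range policy are constructed, and the function names are hypothetical.

```python
"""Audit which registered RPC endpoints a host firewall leaves reachable."""

# Constructed sample of `rpcinfo -p` output (port numbers are illustrative).
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100232   10   udp  32772  sadmind
    100024    1   udp  32773  status
    100024    1   tcp  32771  status
    100021    4   tcp   4045  nlockmgr
"""

# Hypothetical host-firewall policy: (proto, first_port, last_port) dropped inbound.
# Port 111 is filtered on both protocols, but only the TCP ephemeral range is.
SAMPLE_BLOCKED = [("tcp", 111, 111), ("udp", 111, 111), ("tcp", 32768, 65535)]


def parse_rpcinfo(text):
    """Return the set of (proto, port, service) endpoints, one per listener."""
    endpoints = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows are: program vers proto port [service]; skip header/blank lines.
        if len(fields) < 4 or not fields[0].isdigit() or not fields[3].isdigit():
            continue
        service = fields[4] if len(fields) > 4 else "prog-" + fields[0]
        endpoints.add((fields[2], int(fields[3]), service))
    return endpoints


def is_blocked(proto, port, blocked):
    """True if some blocked range for this protocol contains the port."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in blocked)


def exposed_endpoints(rpcinfo_text, blocked):
    """Endpoints still reachable directly, independent of any ACL in rpcbind."""
    return sorted(e for e in parse_rpcinfo(rpcinfo_text)
                  if not is_blocked(e[0], e[1], blocked))


if __name__ == "__main__":
    for proto, port, service in exposed_endpoints(SAMPLE_RPCINFO, SAMPLE_BLOCKED):
        print(f"{service:10} {proto}/{port} is not covered by the host firewall")
```

On a real host, feed the function the output of `rpcinfo -p` and the ranges taken from the actual filter rules; any endpoint it returns is reachable without going through port 111.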