Re: tcpwrapped rpcbind/portmap?

From: Doug Hughes (doug@Eng.Auburn.EDU)
Date: 08/21/01


Date: Tue, 21 Aug 2001 16:58:54 -0500 (CDT)
From: Doug Hughes <doug@Eng.Auburn.EDU>
To: Reg Quinton <reggers@ist.uwaterloo.ca>
Subject: Re: tcpwrapped rpcbind/portmap?
Message-ID: <Pine.SOL.4.10.10108211658240.7142-100000@goodall.eng.auburn.edu>

On Tue, 21 Aug 2001, Reg Quinton wrote:

> > Absolutely. The lack of ACL enforcement within the stock Solaris
> > rpcbind make its use problematic in a security-sensitive environment.
>
> I'd guess you're better off to have the filtering done at a lower level
> in the IP stack and not require that each service implement it's own
> filtering.
>
> Are there no tools for Solaris to do that -- filter at a lower level in
> the IP stack. Would SunScreen Lite do it?
>
> The Seattle folks offer tools for their systems, surely we have something
> for Solaris.
>

ipsec works by pushing modules into the IP stack in Sol8. It's kind
of cool actually.