Re: tcpwrapped rpcbind/portmap?

From: Doug Hughes (doug@Eng.Auburn.EDU)
Date: 08/21/01


Date: Tue, 21 Aug 2001 16:58:54 -0500 (CDT)
From: Doug Hughes <doug@Eng.Auburn.EDU>
To: Reg Quinton <reggers@ist.uwaterloo.ca>
Subject: Re: tcpwrapped rpcbind/portmap?
Message-ID: <Pine.SOL.4.10.10108211658240.7142-100000@goodall.eng.auburn.edu>

On Tue, 21 Aug 2001, Reg Quinton wrote:

> > Absolutely. The lack of ACL enforcement within the stock Solaris
> > rpcbind make its use problematic in a security-sensitive environment.
>
> I'd guess you're better off to have the filtering done at a lower level
> in the IP stack and not require that each service implement it's own
> filtering.
>
> Are there no tools for Solaris to do that -- filter at a lower level in
> the IP stack. Would SunScreen Lite do it?
>
> The Seattle folks offer tools for their systems, surely we have something
> for Solaris.
>

ipsec works by pushing modules into the IP stack in Sol8. It's kind
of cool actually.



Relevant Pages

  • Re: tcpwrapped rpcbind/portmap?
    ... Subject: tcpwrapped rpcbind/portmap? ... The lack of ACL enforcement within the stock Solaris ... I'd guess you're better off to have the filtering done at a lower level ... in the IP stack and not require that each service implement it's own ...
    (Focus-SUN)
  • Re: Packet Filtering API (PfSetLogBuffer)
    ... for programmatic packet filtering on legacy Windows (i.e. ... prefer to use user-mode APIs for simplicity and stability. ... it is somehow overwriting the stack. ...
    (microsoft.public.win32.programmer.networks)
  • Re: Kernel stack overflow on 2.6.9-rc2
    ... > To save you filtering out functions with less than 100 ... putting it on the stack. ... Andreas Dilger ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)