(Q) Sun Rpcbind problem.

From: Chiaki Ishikawa (Chiaki.Ishikawa@PERSONAL-MEDIA.CO.JP)
Date: Fri Apr 10 1998 - 04:31:14 PDT


    
    Lately, there is an announcement from Sun regarding a security problem
    with its rpcbind.
    
    At the office, one of the Solaris machines uses an rpcbind replacement:
    part of the README is attached at the end.
    
    Does anyone have an idea if I should upgrade to the Sun rpcbind, or
    if the replacement rpcbind is OK?
    
    === begin quote ====
    README for rpcbind 1.1 on Fri Dec  9 17:34:12 MET 1994
    
    Description
    -----------
    
    This is an rpcbind replacement with tcp wrapper style access control.
    It provides a simple mechanism to discourage remote access to the NIS
    (YP), NFS, and other rpc services.
    
    Alas, the Solaris 2.4 rpcbind will still export file systems to the
    world through proxy rpc.
    
    This version is based on the freely-distributable tirpcsrc2.3 source
    distribution, as offered for anonymous FTP from playground.sun.com.
    According to the README:
    
        TIRPCSRC 2.3 29 Aug 1994
    
        This distribution contains SunSoft's implementation of
        transport-independent RPC (TI-RPC), External Data Representation
        (XDR), and various utilities and documentation.  These libraries
        and programs form the base of Open Network Computing (ONC), and are
        derived directly from the Solaris 2.3 source.
    
    The program has undergone limited testing with SunOS 5.3 (Solaris 2.3).
    It is obviously very compatible with Solaris 2.3. It will probably work
    as well with earlier Solaris 2.x versions.
    
    Features
    --------
    
    - host access control on IP addresses. The local host is considered
    authorized. Host access control requires the libwrap.a library that
    comes with recent tcp wrapper implementations.
    
    - requests that are forwarded by the rpcbind process will be forwarded
    through an unprivileged port.
    
    - the rpcbind process refuses to forward requests to rpc daemons that
    do (or should) verify the origin of the request: at present, the list
    includes most of the calls to the NFS mountd/nfsd daemons and the NIS
    daemons.
    
            [omission.]
    
    Acknowledgements:
    -----------------
    
    Thanks to Robert Montjoy for helping with the port of my tirpcsrc1.0
    patches to the tirpcsrc2.0 environment.
    
            Wietse Venema (wietseat_private)
            Mathematics and Computing Science
            Eindhoven University of Technology
            The Netherlands
    
    === end   quote ====
    
    --
         Ishikawa, Chiaki        ishikawa@personal-media.co.jp.NoSpam  or
     (family name, given name) Chiaki.Ishikawa@personal-media.co.jp.NoSpam
        Personal Media Corp.      ** Remove .NoSpam at the end before use **
      Shinagawa, Tokyo, Japan 142
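
A small model of the three checks listed under "Features" in the quoted README, as an added example that is not part of the original message or of the rpcbind replacement's source. The program numbers are the standard ONC RPC assignments; the allow list, the NULL-procedure exemption, and the function names are assumptions made for illustration.

```python
import ipaddress

# Standard ONC RPC program numbers for the daemons the README names.
PROTECTED_PROGRAMS = {
    100003: "nfs",
    100004: "ypserv",
    100005: "mountd",
    100007: "ypbind",
}
NULL_PROC = 0  # assumption: the no-op "ping" procedure stays forwardable

# Constructed allow list, standing in for a tcp wrapper access table.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def host_allowed(client_ip, allowed=ALLOWED_NETS):
    """Host access control on IP addresses; the local host is authorized."""
    addr = ipaddress.ip_address(client_ip)
    return addr.is_loopback or any(addr in net for net in allowed)


def forward_decision(client_ip, prog, proc):
    """Decide whether an indirect (proxy) call may be forwarded.

    Returns (allowed, reason).
    """
    if not host_allowed(client_ip):
        return False, "host not authorized"
    if prog in PROTECTED_PROGRAMS and proc != NULL_PROC:
        # The target daemon verifies the request origin itself; a forwarded
        # call would arrive from the local host and defeat that check.
        name = PROTECTED_PROGRAMS[prog]
        return False, f"refusing to proxy {name} proc {proc}"
    # Forwarded calls leave from a port >= 1024, so daemons that require a
    # privileged source port will reject them on their own.
    return True, "forward from unprivileged port"


if __name__ == "__main__":
    # Constructed sample requests: (client address, program, procedure).
    for req in [("192.0.2.10", 100005, 1), ("203.0.113.5", 100001, 1),
                ("127.0.0.1", 100001, 1), ("192.0.2.10", 100003, 0)]:
        print(req, "->", forward_decision(*req))
```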
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:48:47 PDT