X-PMC-CI-e-mail-id: 8013 Lately, there is an annoucement from Sun regarding security problem with its rpcbind. At the office, one of the solaris machine uses a rpcbind replacement: part of the README is attached at the end. Does anyone have an idea if I should upgrade to the Sun rpcbind, or the replacement rpcbind is OK? === begin quote ==== README for rpcbind 1.1 on Fri Dec 9 17:34:12 MET 1994 Description ----------- This is an rpcbind replacement with tcp wrapper style access control. It provides a simple mechanism to discourage remote access to the NIS (YP), NFS, and other rpc services. Alas, the Solaris 2.4 rpcbind will still export file systems to the world through proxy rpc. This version is based on the freely-distributable tirpcsrc2.3 source distribution, as offered for anonymous FTP from playground.sun.com. According to the README: TIRPCSRC 2.3 29 Aug 1994 This distribution contains SunSoft's implementation of transport-independent RPC (TI-RPC), External Data Representation (XDR), and various utilities and documentation. These libraries and programs form the base of Open Network Computing (ONC), and are derived directly from the Solaris 2.3 source. The program has undergone limited testing with SunOS 5.3 (Solaris 2.3). It is obviously very compatible with Solaris 2.3. It will probably work as well with earlier Solaris 2.x versions. Features -------- - host access control on IP addresses. The local host is considered authorized. Host access control requires the libwrap.a library that comes with recent tcp wrapper implementations. - requests that are forwarded by the rpcbind process will be forwarded through an unprivileged port. - the rpcbind process refuses to forward requests to rpc daemons that do (or should) verify the origin of the request: at present, the list includes most of the calls to the NFS mountd/nfsd daemons and the NIS daemons. [omission.] Acknowledgements: ----------------- Thanks to Robert Montjoy for helping with the port of my tirpcsrc1.0 patches to the tirpcsrc2.0 environment. Wietse Venema (wietseat_private) Mathematics and Computing Science Eindhoven University of Technology The Netherlands === end quote ==== -- Ishikawa, Chiaki ishikawa@personal-media.co.jp.NoSpam or (family name, given name) Chiaki.Ishikawa@personal-media.co.jp.NoSpam Personal Media Corp. ** Remove .NoSpam at the end before use ** Shinagawa, Tokyo, Japan 142
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:48:47 PDT