>Lately, there is an annoucement from Sun regarding security problem >with its rpcbind. > >At the office, one of the solaris machine uses a rpcbind replacement: >part of the README is attached at the end. > >Does anyone have an idea if I should upgrade to the Sun rpcbind, or >the replacement rpcbind is OK? I've talked some with Wietse, and it seems his replacement rpcbind does exactly the same thing wrong as teh real thing. However, this is not big security problem people can exploit at will. It requires teh system administrator to want to kill and restart rpcbind. It will then dump out the tables to /tmp (unsafely) and when started up it will reread them (also unsafely). So if you refrain from killing rpcbind with SIGINT or SIGTERM, you should be OK. If you have "set nfssrv:nfs_portmon = 1" in /etc/system, you have little to worry about when it come sto rpcbind as shipped by Sun, it also now filters many different indirect RPC calls. (Indirect RPC calls are required to suport broadcast RPC) Wietse's rpcbind continues to offer the advantage of filtering and logging, but it should be noted that rpcbind need not be involved in remote procedure calls at all. Portscanning and then calling also find rpc services. Casper
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:48:48 PDT