secure RPC

2007-12-25 11:52:00

Thanks to Casper Dik (the only respondent) for the following answers:

a)

It's the only secure portmapper I know of.

Rpcbind does two things: it acts as a nameservice (maps program,vers -> port #). The second thing it does is act as an intermediary for indirect calls; this is used for broadcast RPC.

It's also the cause of quite a few security holes and many services should be barred from being called indirectly.

b)

No. While it has a socket in that port range, it doesn't listen on it. Ephemeral ports start at 32K in Solaris; that's why you see the high ports.

c)

I should probably use the stock rpcbind. (5.3 is very old).

> I'm curious about the rpcbind that is avail from ftp.win.tue.nl.
>
> a) Obviously, I need to use this to use /etc/hosts.{allow,deny}. Or do I?
> Are other secure portmappers available? I thought all rpcbind did was
> answer requests to map programs to ports, then the client contacts the
> server directly. If I already know the port, why can't I skip using
> rpcbind/portmap altogether? If that's the case, what use is a secure
> portmapper anyway?
>
> b) Does Solaris 2.6 rpcbind (105216_01 version) listen on high numbered
> ports also? netstat -a shows:
>
> UDP
>    Local Address         Remote Address     State
> -------------------- -------------------- -------
>       *.sunrpc                             Idle
>       *.*                                  Unbound
>       *.32771                              Idle
>       *.talk                               Idle
>       *.32773                              Idle
>       *.32777                              Idle
>       *.32778                              Idle
>       *.32779                              Idle
>       *.32780                              Idle
>       *.lockd                              Idle
>       *.syslog                             Idle
>       *.177                                Idle
>       *.*                                  Unbound
>
> c) Are there other (security or other) problems in the 5.3 based rpcbind
> that are fixed in 5.6 (again, 105216_01)? Are they severe enough that I
> should stick with the stock rpcbind? e.g. the fix for bugid 4032093 (rpcbind can
> only handle 16 IP addresses) is not integrated into the secure rpcbind.
> I'll need that for at least some machines.
>
> I can look through sunsolve and see what patches are available since
> 5.3, but not all of the bug reports are there, so there may not be enough
> detail for me to make a decision.
>
> TIA!
>
> --
> ~frank
> * I am Pentium of Borg. Division is futile. You will be approximated. *
> * PGP ID: C001AA75 -|- fcusack@voicenet.com *
>


--
~frank
* I am Pentium of Borg. Division is futile. You will be approximated. *
* PGP ID: C001AA75 -|- fcusack@voicenet.com *
