|
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64 User : nobody ( 99) PHP Version : 5.2.17 Disable Function : NONE Directory : /usr/share/doc/portmap-4.0/ |
Upload File : |
@(#) BLURB 1.4 96/05/31 15:50:39
This is the fourth replacement portmapper release.
There is an increasing interest in access control for the NIS, mount
and other RPC-based services that are normally registered with the
portmap process. Possible attacks on RPC daemons involve:
- theft of NIS (YP) password files
- ypset to force hosts to bind to a rogue NIS (YP) server
- theft of NFS file handles
My contribution is a replacement portmap program, derived from source
code in the RPCSRC 4.0 and the TIRPC source distributions. Access
control (optional) is in the style of my tcp wrapper (log_tcp) package.
Supported platforms: this program is known to work with all SunOS 4.x
releases. With some Makefile editing it should also work on Ultrix 4.x,
HP-UX 9.x, AIX 3.x and AIX 4.x, and Digital UNIX (OSF/1).
Solaris 2.x and other System V.4 UNIXes should use use my rpcbind
replacement (ftp.win.tue.nl:/pub/security/rpcbind_*.tar.Z).
This portmap version attempts to close all portmap security problems
that are known to me. The README file gives a complete list of
security features.
Without the availability of portmap source, possible alternatives are
1) packet filtering with a smart router (which we do anyway); 2)
linking the portmap executable against the securelib shared library.
Linking RPC daemons against the securelib library is a good idea,
anyway.
The source is available for anonymous FTP from ftp.win.tue.nl directory
/pub/security/portmap_*.tar.gz.
Wietse Venema (wietse@wzv.win.tue.nl)
Mathematics and Computing Science
Eindhoven University of Technology
The Netherlands