[2104] in linux-security and linux-alert archive
[linux-security] Re: portmap vulnerability?
daemon@ATHENA.MIT.EDU (Paul L. Schmidt)
Wed Dec 9 10:36:54 1998
Date: Wed, 9 Dec 1998 08:39:22 -0500 (EST)
From: "Paul L. Schmidt" <pschmidt@custom.net>
To: linux-security@redhat.com
In-Reply-To: <tcppop3.2146931@Viaduct.CUSTOM.NET>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On 9 Dec 1998 R.E.Wolff@BitWizard.nl wrote:
> Christopher Lindsey wrote:
> > And of course if you must run portmap, use TCP wrappers to limit
> > it to a certain range of hosts. Assuming that hosts.deny has
>
> Actually, portmapper cannot run "behind" tcp wrappers. It opens
> its port and waits for connections. However, it seems that modern
> portmappers are linked with the library from tcpwrappers, so that
> it takes the same config files as the tcpwrappers do. Nifty!
>
<-snip->
> > rpc.mountd can also be limited, but I don't know if that support
> > is in the default RedHat binaries. You can always grab the source
> > from
> >
> > ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir/
Another solution is to compile the kernel with IP firewalling and
do the filtering at the kernel level. This solution will be port-
specific rather than application-specific, but it will work with
anything - whether or not it's wrapper-aware.
-ps
Paul Schmidt < >< PSchmidt at Custom dot Net
Bloomfield, IN USA Linux 2.0.36 web: viaduct.custom.net/pschmidt
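
Added example, not part of the original message: a shell check of the wrapper configuration discussed in the quoted text, reporting whether portmap is covered by a catch-all deny and whether its allow rules use numeric patterns (portmap does no name lookups, so hostnames never match). It assumes the daemon name `portmap` and the usual hosts.allow / hosts.deny pair; the function names and sample files are constructed, and operators such as EXCEPT are not interpreted.

```shell
#!/bin/sh
# Added example (not from the thread): audit tcp_wrappers rules for portmap.

# Print the client list of each rule in file $2 whose daemon list names $1 or ALL.
rules_for() {
    [ -r "$2" ] || return 0
    awk -v d="$1" -F: '
        /^[ \t]*#/ || NF < 2 { next }
        { n = split($1, names, /[ \t,]+/)
          for (i = 1; i <= n; i++)
              if (names[i] == d || names[i] == "ALL") { print $2; next } }' "$2"
}

# $1 = hosts.allow, $2 = hosts.deny. Prints findings; returns 1 if there are any.
audit_portmap() {
    findings=0
    # hosts.allow is consulted first, hosts.deny second, and no match at all
    # means access is granted, so hosts.deny needs a catch-all for portmap.
    if ! rules_for portmap "$2" | grep -qw ALL; then
        echo "WARN: $2 has no catch-all deny covering portmap"
        findings=1
    fi
    set -f   # client patterns may contain wildcards; do not glob them
    for client in $(rules_for portmap "$1" | tr ',' ' '); do
        case $client in
            ALL) echo "WARN: $1 allows portmap from ALL"; findings=1 ;;
            # anything but digits, dots and a slash is a name, not a network number
            *[!0-9./]*) echo "WARN: $1: '$client' is not a numeric pattern"
                        findings=1 ;;
        esac
    done
    set +f
    return $findings
}

# Constructed sample files: a weak pair and a hardened pair.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'portmap: trusted.example.com\n' > "$dir/weak.allow"
    printf '# nothing denied\n' > "$dir/weak.deny"
    printf 'portmap: 192.168.1.0/255.255.255.0\n' > "$dir/good.allow"
    printf 'portmap: ALL\n' > "$dir/good.deny"
    audit_portmap "$dir/weak.allow" "$dir/weak.deny" || echo "weak pair: findings"
    audit_portmap "$dir/good.allow" "$dir/good.deny" && echo "good pair: clean"
    rm -rf "$dir"
}
demo
```

On a real host the call would be `audit_portmap /etc/hosts.allow /etc/hosts.deny`; a kernel-level packet filter, as suggested in the message, is not examined by this check.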