Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > comp.os.linux.security > #670

Re: portmap/rpcbind and tcpwrapper

From William Unruh <unruh@invalid.ca>
Newsgroups alt.os.linux.mageia, comp.os.linux.security
Subject Re: portmap/rpcbind and tcpwrapper
Date 2015-10-12 22:18 +0000
Organization A noiseless patient Spider
Message-ID <mvhbir$dgs$3@dont-email.me> (permalink)
References (3 earlier) <mvbegc$1v0m$1@saria.nerim.net> <mvbrdu$kpu$1@dont-email.me> <561b6750$0$23746$e4fe514c@news.xs4all.nl> <mvgph4$1er$1@dont-email.me> <mvh01h$kns$1@saria.nerim.net>

Cross-posted to 2 groups.

Show all headers | View raw

On 2015-10-12, Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> wrote:
> William Unruh a ?crit :
>> On 2015-10-12, Rob van der Putten <rob@sput.nl> wrote:
>>>
>>> William Unruh wrote:
>>>
>>>> rpcbind does not honour libwrap by default.
>>> Over here it does (libwrap);
>> 
>> Which version? Which distribution?
>
> The mention of "Iceape" in the message headers suggests the distribution
> is Debian or a derivative. Iceape is the unbranded version of Seamonkey
> provided by Debian.
>
> Indeed rpcbind depends on libwrap0 in all currently maintained versions
> of Debian.

Good. By default, rpcbind does not. Ie, you have explicitly put in 
--enable-libwrap as an argument to the configure script in order to have
rpcbind use libwrap. And may distros do not do so. 
When asked they get all holy, and say that libwrap is not a good thing,
and people should use a firewall instead. So silently breaking a working
security fence is OK, because there are situtions in which that fence
has weaknesses.

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-01 07:48 +0000
  Re: portmap/rpcbind and tcpwrapper Rob van der Putten <rob@sput.nl> - 2015-10-10 15:32 +0200
    Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-10 15:58 +0000
      Re: portmap/rpcbind and tcpwrapper Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2015-10-10 18:31 +0200
        Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-10 20:11 +0000
          Re: portmap/rpcbind and tcpwrapper Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2015-10-11 11:37 +0200
          Re: portmap/rpcbind and tcpwrapper Rob van der Putten <rob@sput.nl> - 2015-10-12 09:54 +0200
            Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-12 17:09 +0000
              Re: portmap/rpcbind and tcpwrapper Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2015-10-12 21:01 +0200
                Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-12 22:18 +0000
              Re: portmap/rpcbind and tcpwrapper Rob van der Putten <rob@sput.nl> - 2015-10-12 21:39 +0200
  Re: portmap/rpcbind and tcpwrapper "SyMcBean ( http://lampe2e.blogspot.co.uk )" <colin.mckinnon@gmail.com> - 2015-10-22 14:55 -0700
    Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-23 00:15 +0000

csiph-web