Bug#81118: base: Wishlist: High security base system (or separate add-on package)
On 01-01-04 Anthony Towns wrote:
> On Thu, Jan 04, 2001 at 01:09:34PM +0100, Christian Kurz wrote:
> > > don't be so sure, i recently saw someone on -devel get yelled at for
> > > saying portmap is not secure.
> > Well, I would suggest, that those people who yell me for this, either do
> > a audit of portmap and present it on -devel or shut up.
> Oh, and for reference, portmap hasn't has a security update forever
> while I've been maintaining it. Heck, there don't seem to have been any
> changes to portmap since 1997. But hey, feel free to make the traditional
> baseless accusations of insecurity, whatever.
Oh, are you sure that you are not forgetting those nfs and rpc-bugs that
are all only possible due to some running portmap? Also I remember a bug
in portmap that has been found 1998. And I'm still not convinced that
portmap is secure until it has been fully audited.
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853