Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)

To: debian-devel@lists.debian.org
Subject: Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)
From: Henning Makholm <henning@makholm.net>
Date: 20 Jan 2004 21:01:58 +0000
Message-id: <[🔎] 877jzmibax.fsf@kreon.lan.henning.makholm.net>
In-reply-to: <[🔎] 200401201457.46757.neroden@twcny.rr.com>
References: <[🔎] 200401201457.46757.neroden@twcny.rr.com>

Scripsit Nathanael Nerode <neroden@twcny.rr.com>

> My apologies for my confusion.  I guess portmap has to be fixed to
> not listen remotely by default then.

Has to? Unless portmap itself contains exploitable security holes,
there's nothing secret about the information it exports, is there?

One might even argue that locking down portmap tight would give users
the false impression that if only you don't tell the bad guys which
port their server is listening on, the bad guys won't be able to
connect to it.

-- 
Henning Makholm  "I paid off ALL my debts and bought a much-needed new car."

Reply to:

References:
- Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)
  - From: Nathanael Nerode <neroden@twcny.rr.com>

Prev by Date: Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)
Next by Date: Announce: buildd stats, infos, contacts
Previous by thread: Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)
Next by thread: Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)
Index(es):
- Date
- Thread