Bug#81118: base: Wishlist: High security base system (or separate add-on package)

To: Anthony Towns <aj@azure.humbug.org.au>
Cc: 81118@bugs.debian.org, Ethan Benson <erbenson@alaska.net>
Subject: Bug#81118: base: Wishlist: High security base system (or separate add-on package)
From: Christian Kurz <shorty@debian.org>
Date: Thu, 4 Jan 2001 13:33:32 +0100
Message-id: <20010104133332.B24738@bofh.de>
Reply-to: Christian Kurz <shorty@debian.org>, 81118@bugs.debian.org
In-reply-to: <20010104222412.B6266@azure.humbug.org.au>
References: <200101030815.f038Fhb02014@away.lingsoft.fi> <20010103105837.B6915@home.debsupport.de> <20010103195058.F641@seteuid.getuid.de> <20010104003316.F29805@plato.local.lan> <20010104104046.C18474@bofh.de> <20010104010227.H29805@plato.local.lan> <20010104113708.A23730@bofh.de> <20010104023556.K29805@plato.local.lan> <20010104130934.A23972@bofh.de> <20010104222412.B6266@azure.humbug.org.au>

On 01-01-04 Anthony Towns wrote:
> On Thu, Jan 04, 2001 at 01:09:34PM +0100, Christian Kurz wrote:
> > > don't be so sure, i recently saw someone on -devel get yelled at for
> > > saying portmap is not secure.  
> > Well, I would suggest, that those people who yell me for this, either do
> > a audit of portmap and present it on -devel or shut up.

> Oh, and for reference, portmap hasn't has a security update forever
> while I've been maintaining it. Heck, there don't seem to have been any
> changes to portmap since 1997. But hey, feel free to make the traditional
> baseless accusations of insecurity, whatever.

Oh, are you sure that you are not forgetting those nfs and rpc-bugs that
are all only possible due to some running portmap? Also I remember a bug
in portmap that has been found 1998. And I'm still not convinced that
portmap is secure until it has been fully audited.

Ciao
     Christian
-- 
          Debian Developer and Quality Assurance Team Member
    1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853

Reply to:

References:
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: era eriksson <era@iki.fi>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Michael Bramer <grisu@debian.org>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Christian Kurz <shorty@debian.org>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Ethan Benson <erbenson@alaska.net>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Christian Kurz <shorty@debian.org>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Ethan Benson <erbenson@alaska.net>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Christian Kurz <shorty@debian.org>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Ethan Benson <erbenson@alaska.net>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Christian Kurz <shorty@debian.org>
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Bug#81118: base: Wishlist: High security base system (or separate add-on package)
Next by Date: Bug#81118: base: Wishlist: High security base system (or separate add-on package)
Previous by thread: Bug#81118: base: Wishlist: High security base system (or separate add-on package)
Next by thread: Bug#81118: base: Wishlist: High security base system (or separate add-on package)
Index(es):
- Date
- Thread