Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)
ke, 2004-01-21 kello 13:24, Joerg Wendland kirjoitti:
> But why does everybody hate portmap that much? It is not dangerous, it
> does not run as root, there is not much you can do with, so why even
> bother?
It is a security risk, according to the definitions in my previous mail
in this thread. That is, even if it didn't have any known actual
security problems, the fact is that it might have them (we just don't
know them) or get them (once someone modifies it), and then it becomes
an actual security problem. This isn't specific to portmapper, of
course. Having any unnecessary components talk to the network is a cause
for concern.
Having portmapper, but using hosts.deny to let it accept a connection
from the outside and then immediately disconnect it is, I guess, an
acceptable compromise, at least for now. Unfortunately, I've been unable
to set hosts.deny to achieve that (this may be related to bug #101627;
I'll send more info there).
Also, since the only thing I need portmapper for is fam, I wish there
was a way to do without it, but that's not strong enough for me even to
file a wishlist bug on it.
--
http://liw.iki.fi/liw/log/
Reply to: