
Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted)



On 21-Jan-04, 05:24 (CST), Joerg Wendland <joergland@debian.org> wrote: 
> But why does everybody hate portmap that much?  It is not dangerous, it
> does not run as root, there is not much you can do with, so why even
> bother?

I think many remember when portmapper (not necessarily the Linux
implementation) had a series of security problems, and the general
conclusion then was that the best solution was to just not run it. It
may have been fixed in the meantime, but we still have a fundamental
distrust. Just like sendmail :-)

In this particular case, where all FAM is doing is looking up a port
number, portmapper is way overkill. That's what getservbyname() is for.
The admitted downside is that using getservbyname() requires an assigned
port number. That could be mitigated in the transition by assuming a
particular port if getservbyname() failed, which should work fine, given
that (probably) 99% of the use will be with localhost. Talking to a
remote host, fall back to portmapper, which is likely to be running on
the remote host anyway.

Or maybe everyone (well, the people who do the work :-)) will decide
that they can use tcpwrappers to control access to the portmapper, and
that such would be sufficient.

Steve
-- 
Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net
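
The lookup order described in the message above (getservbyname() first, an assumed port for localhost if that fails, portmapper only for a remote host), as an added example that is not part of the original post or of FAM's code. The names `choose_port`, `port_choice` and `ASSUMED_PORT`, the port value and the service name are hypothetical.

```c
#include <netdb.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fallback port; the message names no port number. */
#define ASSUMED_PORT 49152
enum port_source {
    FROM_SERVICES,     /* found via getservbyname() */
    FROM_ASSUMED,      /* lookup failed, local host: use the assumed port */
    NEEDS_PORTMAPPER   /* lookup failed, remote host: ask its portmapper */
};

struct port_choice {
    enum port_source source;
    int port;          /* host byte order; -1 when NEEDS_PORTMAPPER */
};

/* Simplification: treats only these literal names as the local host. */
static int is_local(const char *host)
{
    return host == NULL || strcmp(host, "localhost") == 0 ||
           strcmp(host, "127.0.0.1") == 0 || strcmp(host, "::1") == 0;
}

struct port_choice choose_port(const char *service, const char *host)
{
    struct port_choice c;
    struct servent *se = getservbyname(service, "tcp");
    if (se != NULL) {
        c.source = FROM_SERVICES;
        c.port = ntohs((unsigned short)se->s_port); /* s_port is network order */
    } else if (is_local(host)) {
        c.source = FROM_ASSUMED;   /* no portmapper needed on this machine */
        c.port = ASSUMED_PORT;
    } else {
        c.source = NEEDS_PORTMAPPER;
        c.port = -1;
    }
    return c;
}

int main(void)
{
    /* Constructed input: a service name absent from the services database. */
    struct port_choice a = choose_port("example-unassigned-svc", "localhost");
    printf("source=%d port=%d\n", a.source, a.port);
    return 0;
}
```

With this order a machine that only serves local clients never has to run or expose a portmapper; the RPC lookup is reached only when the caller names a remote host.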


