On Wed, Jan 21, 2004 at 01:02:57AM -0500, Nathanael Nerode wrote:
> Henning Makholm wrote:
> > Has to? Unless portmap itself contains exploitable security holes,
> > there's nothing secret about the information it exports, is there?
>
> No. But I was certainly under the impression that it had contained remotely
> exploitable security holes in the past. So...

Well, "in the past" can be anything from 1 year ago to 10 years ago. In any
case, I was pretty sure I had read this before... yep... it's right
there, hidden in bug #81118; looks like the start of a flame war.

/me looks around for popcorn

In any case, why don't we, instead of worrying about fam, start fixing the
fact that portmap is 'standard' (which is ok) and starts a network daemon
which many (desktop) users will not really have a need for.
medium? debconf question asking if it should be started at all.... or have
a default 'portmap: LOCAL' (in /etc/hosts.allow) and 'portmap: ALL' (in
/etc/hosts.deny) [1]. If the latter [2], this could be done for some other
rpc services (rpc.statd, rpc.usersd, rpc.walld) which users might have
installed in a standard installation....
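
The hosts.allow / hosts.deny default proposed above, as an added example that is not part of the original mail: a simplified model of tcp_wrappers rule evaluation that reports which of the RPC daemons named in the mail a non-local client can still reach. The function names, the sample file contents and the client name `client.example.org` are constructed for illustration, and only the `ALL` and `LOCAL` wildcards are modelled.

```python
# Added example: simplified tcp_wrappers (hosts_access) evaluation.
# Handles only the ALL and LOCAL wildcards and literal names; EXCEPT,
# netmasks and option fields are out of scope.

# Daemon names exactly as written in the mail above.
RPC_DAEMONS = ["portmap", "rpc.statd", "rpc.usersd", "rpc.walld"]

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, client):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":          # any client name without a dot
        return "." not in client
    return pattern.lower() == client.lower()

def rule_hit(rules, daemon, client):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, client) for p in clients)
               for daemons, clients in rules)

def allowed(allow_text, deny_text, daemon, client):
    """hosts.allow is consulted first, then hosts.deny; no match grants access."""
    if rule_hit(parse_rules(allow_text), daemon, client):
        return True
    return not rule_hit(parse_rules(deny_text), daemon, client)

def exposed(allow_text, deny_text, client="client.example.org"):
    """RPC daemons that a non-local client (constructed name) may still reach."""
    return [d for d in RPC_DAEMONS if allowed(allow_text, deny_text, d, client)]

# Constructed file contents: the mail's proposal for portmap only.
PROPOSED_ALLOW = "portmap: LOCAL\n"
PROPOSED_DENY = "portmap: ALL\n"

if __name__ == "__main__":
    print("no rules:      ", exposed("", ""))
    print("portmap rules: ", exposed(PROPOSED_ALLOW, PROPOSED_DENY))
```

With only the two portmap lines in place, the other three daemons remain reachable, which is why the mail suggests extending the same rules to them.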