Better defaults in /etc/hosts.allow, /etc/hosts.deny? (was Re: Fam mustn't depend on portmap (was Re: new portmap packages, testers wanted))
Javier Fernández-Sanguino Peña wrote:
On Wed, Jan 21, 2004 at 01:02:57AM -0500, Nathanael Nerode wrote:
Henning Makholm wrote:
Has to? Unless portmap itself contains exploitable security holes,
there's nothing secret about the information it exports, is there?
No. But I was certainly under the impression that it had contained remotely
exploitable security holes in the past. So...
Well "in the past" can be anything from 1 year ago to 10 years ago, in any
case I was pretty sure I had read this before... yep... it's right
there hidden in bug #81118, looks like the start of a flame war.
/me looks for popcorn around
In any case, why don't we, instead of worrying about fam, start fixing the
fact that portmap is 'standard' (which is ok) and starts a network daemon
which many (desktop) users will not have really a need for.
Quite right, that's the actual issue.
Why not have a
Actually this is a good idea and would be a general improvement to
Debian. Changing the subject to discuss this. :-)
medium? debconf question asking if it should be started at all.... or have
a default 'portmap: LOCAL' (in /etc/hosts.allow) and 'portmap: ALL' (in
/etc/hosts.deny). If the latter, this could be done for some other
rpc services (rpc.statd, rpc.usersd, rpc.walld) which users might have
installed in a standard installation....
Just my 2c.
Yours are always worth much more. ;-)
 Obviously, as long as #101627 is closed, which seems to be (but has not
yet been closed)
 A third alternative means having it listen only on loopback, but