
Bug#457095: nfs-common: statd still cannot restrict its listening address



severity 457095 important
tag 457095 +security
thanks

That still doesn't work for squeeze backports (1:1.2.5-4~bpo60+1).

$ cat /etc/default/nfs-common|grep STATDOPTS
STATDOPTS="--name 192.168.2.1 --port 60030 --outgoing-port 60031"

# netstat -tulpn|grep statd
tcp        0      0 0.0.0.0:60030           0.0.0.0:*               LISTEN      32233/rpc.statd 
udp        0      0 127.0.0.1:609           0.0.0.0:*                           32233/rpc.statd 
udp        0      0 0.0.0.0:60030           0.0.0.0:*                           32233/rpc.statd 

$ man rpc.statd
...
       -n, --name ipaddr | hostname
              Specifies the bind address used for RPC listener sockets.  The ipaddr form can be expressed as either an IPv4 or an  IPv6  presentation  address.   If  this
              option is not specified, rpc.statd uses a wildcard address as the transport bind address.

              This  string is also passed to the sm-notify command to be used as the source address from which to send reboot notification requests.  See sm-notify(8) for
              details.
...
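
Added example, not part of the original report: a shell check that compares the address given to --name in STATDOPTS with the local addresses rpc.statd is actually bound to in `netstat -tulpn` output, using the option string and netstat lines from the report as sample input. It assumes --name holds an IP address rather than a hostname and it ignores loopback sockets; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that rpc.statd listens only on the --name address.

# Print the value of --name / -n found in a STATDOPTS string ($1).
statd_bind_addr() {
    set -- $1                      # split the option string into words
    while [ $# -gt 0 ]; do
        case "$1" in
            --name|-n) echo "$2"; return 0 ;;
            --name=*)  echo "${1#--name=}"; return 0 ;;
        esac
        shift
    done
    return 1                       # no bind address configured
}

# Read `netstat -tulpn` output on stdin; print "proto local_address" for every
# rpc.statd socket whose local address is neither $1 nor loopback.
statd_unrestricted() {
    awk -v want="$1" '
        $NF ~ /\/rpc\.statd$/ {
            addr = $4
            sub(/:[0-9]+$/, "", addr)      # strip the port, keep the address
            if (addr == want || addr ~ /^127\./ || addr == "::1") next
            print $1, $4
        }'
}

# $1: STATDOPTS value, stdin: netstat output.
# Returns 0 if restricted, 1 if not, 2 if --name is absent.
check_statd() {
    want=$(statd_bind_addr "$1") || { echo "no --name in STATDOPTS" >&2; return 2; }
    bad=$(statd_unrestricted "$want")
    [ -z "$bad" ] && return 0
    echo "$bad"
    return 1
}

# Sample input copied from the report above.
SAMPLE_OPTS='--name 192.168.2.1 --port 60030 --outgoing-port 60031'
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:60030           0.0.0.0:*               LISTEN      32233/rpc.statd
udp        0      0 127.0.0.1:609           0.0.0.0:*                           32233/rpc.statd
udp        0      0 0.0.0.0:60030           0.0.0.0:*                           32233/rpc.statd
EOF
}

sample_netstat | check_statd "$SAMPLE_OPTS" || true
```

On a live system the equivalent call is `netstat -tulpn | check_statd "$STATDOPTS"` after sourcing /etc/default/nfs-common, run as root so that the process column is populated.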

