Bug#457095: nfs-common: statd still cannot restrict its listening address
severity 457095 important
tag 457095 +security
thanks
That still doesn't work for squeeze backports (1:1.2.5-4~bpo60+1).
$ cat /etc/default/nfs-common|grep STATDOPTS
STATDOPTS="--name 192.168.2.1 --port 60030 --outgoing-port 60031"
# netstat -tulpn|grep statd
tcp 0 0 0.0.0.0:60030 0.0.0.0:* LISTEN 32233/rpc.statd
udp 0 0 127.0.0.1:609 0.0.0.0:* 32233/rpc.statd
udp 0 0 0.0.0.0:60030 0.0.0.0:* 32233/rpc.statd
$ man rpc.statd
...
-n, --name ipaddr | hostname
    Specifies the bind address used for RPC listener sockets. The ipaddr form can be expressed as either an IPv4 or an IPv6 presentation address. If this option is not specified, rpc.statd uses a wildcard address as the transport bind address.
    This string is also passed to the sm-notify command to be used as the source address from which to send reboot notification requests. See sm-notify(8) for details.
...
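
The mismatch reported above (a --name address in STATDOPTS, yet rpc.statd sockets on 0.0.0.0) can be checked mechanically. The script below is an added example, not part of the original report or of nfs-utils; the function names are hypothetical, and the sample input is the STATDOPTS value and netstat output copied from this report.

```shell
#!/bin/sh
# Added example: flag rpc.statd sockets bound to a wildcard address
# although STATDOPTS carries --name. Function names are hypothetical.

# Sample input, copied from the report above.
SAMPLE_STATDOPTS='--name 192.168.2.1 --port 60030 --outgoing-port 60031'
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:60030 0.0.0.0:* LISTEN 32233/rpc.statd
udp 0 0 127.0.0.1:609 0.0.0.0:* 32233/rpc.statd
udp 0 0 0.0.0.0:60030 0.0.0.0:* 32233/rpc.statd'

# Print the address given to --name / -n in a STATDOPTS string ($1).
statd_name_arg() {
    set -- $1            # deliberate word splitting of the option string
    while [ $# -gt 0 ]; do
        case "$1" in
            --name|-n) echo "$2"; return 0 ;;
            --name=*)  echo "${1#--name=}"; return 0 ;;
        esac
        shift
    done
    return 1
}

# Read `netstat -tulpn` lines on stdin; print "proto local-address" for
# every rpc.statd socket whose local address is an IPv4/IPv6 wildcard.
statd_wildcard_binds() {
    awk '$NF ~ /rpc\.statd$/ {
        host = $4; sub(/:[0-9]+$/, "", host)   # strip the port
        if (host == "0.0.0.0" || host == "::" || host == "[::]") print $1, $4
    }'
}

# $1: STATDOPTS value; stdin: netstat output.
# Returns 0 if no wildcard bind, 1 if --name is ignored, 2 if --name unset.
check_statd_bind() {
    want=$(statd_name_arg "$1") || { echo "no --name in STATDOPTS"; return 2; }
    bad=$(statd_wildcard_binds)
    [ -z "$bad" ] && return 0
    echo "--name $want is set, but rpc.statd listens on a wildcard address:"
    echo "$bad"
    return 1
}

printf '%s\n' "$SAMPLE_NETSTAT" | check_statd_bind "$SAMPLE_STATDOPTS" || true
```

On a live host, replace the sample variables with the STATDOPTS value from /etc/default/nfs-common and the output of netstat -tulpn run as root.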