
Please consider portmap 5-12 for sarge (was: RFFE: portmap 5-11)



On Thu, May 12, 2005 at 09:52:35PM -0400, Joey Hess wrote:
>Anibal Monsalve Salazar wrote:
>>>Also, unlike the comment in the file claims, manual modifications are
>>>lost as soon as the package is reconfigured (or upgraded, I think):
>>
>>I'm afraid that is not the case.
>>
>>>root@dragon:/home/joey>cat /etc/portmap.conf 
>>># Portmap configuration file
>>>#
>>># Note: if you manually edit this configuration file,
>>># portmap configuration scripts will avoid modifying it
>>># (for example, by running 'dpkg-reconfigure portmap').
>>>
>>># By default listen on all interfaces
>>>#
>>># If you want portmap to listen only on the loopback
>>># interface, uncomment the following line (it will be
>>># uncommented automatically if you configure this
>>># through debconf).
>>>OPTIONS="-i 127.0.0.1"
>>>root@dragon:/home/joey>dpkg-reconfigure portmap
>>>Stopping portmap daemon: portmap.
>>>Configuring portmap
>>>-------------------
>>>
>>>Portmap by default listens to all IP addresses. However, if you are not using 
>>>RPC services that connect to remote servers (like NFS or NIS) you can safely 
>>>bind it to the loopback IP address 127.0.0.1.
>>>
>>>This will allow RPC local services (like FAM) to work properly while preventing 
>>>remote systems from accessing your RPC services.
>>>
>>>You can change this configuration also by editing the OPTIONS line in the 
>>>/etc/portmap.conf file. If you just don't specify the -i option it will bind to 
>>>all interfaces.
>>>
>>>Should portmap be bound to the loopback address? no
>>
>>Here you selected 'no'.
>>
>>>Starting portmap daemon: portmap.
>>>Restoring old RPC service information...done.
>>>root@dragon:/home/joey>cat /etc/portmap.conf
>>># Portmap configuration file
>>>#
>>># Note: if you manually edit this configuration file,
>>># portmap configuration scripts will avoid modifying it
>>># (for example, by running 'dpkg-reconfigure portmap').
>>>
>>># By default listen on all interfaces
>>>#
>>># If you want portmap to listen only on the loopback
>>># interface, uncomment the following line (it will be
>>># uncommented automatically if you configure this
>>># through debconf).
>>>#OPTIONS="-i 127.0.0.1"
>>
>>The above commented out line is the result of the 'no' selection.
>
>The missing information in the transcript is that "no" was the default,
>even though per the config file the default should have been yes.

It's corrected now.

Changes: 
 portmap (5-12) unstable; urgency=high
 .
   * Changed default of debconf question to correspond to the value
     in the config file.

>>>>   * Fixed "SIGCHLD handler doesn't preserve errno", closes: #306929.
>>>>     Patch by Alexander Achenbach <xela@slit.de>.
>>>
>>>Not important or RC is it?
>>
>>It's an RC bug. It may result in termination of the server process.
>>According to the author of the bug report, it was reported on
>>freebsd-bugs back in 1998.
>>
>>>>Version: 5-10
>>>>Closes: 286301 301130 301535
>>>>Changes: 
>>>> portmap (5-10) unstable; urgency=high
>>>> .
>>>>   * Re-added the debconf configuration, although the default for this is now
>>>>     to have portmap listening in all interfaces. The debconf setting
>>>>     allows system administrators, base-config and cdd developers to preseed
>>>>     this value to 'true' (link only to the loopback interface) if needed.
>>>>     Patch by Javier Fernández-Sanguino Peña <jfs@computer.org>.
>>>>     Closes: #301130, #286301.
>>>
>>>So you made a change in -10 that introduced a RC bug that was fixed
>>>in -11? And no changes in -10 were RC or even important. The point of
>>>freeze exceptions is not to allow continuing unstable development of
>>>packages in sarge so I don't see why this should be accepted. 
>>
>>Javier pushed -10 as an important security improvement for desktop/laptop
>>systems and I agree with him on that regard. Running portmap listening
>>to the world on a desktop/laptop system is a considerable security
>>risk.
>
>This is only my opinion, but debian systems have been running with these
>problems for as long as there was debian; delaying the sarge release to
>fix them does not seem worth it.
>
>-- 
>see shy jo

Anibal Monsalve Salazar
--
 .''`. Debian GNU/Linux
: :' : Free Operating System
`. `'  http://debian.org/
  `-   http://v7w.com/anibal
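
The mismatch discussed in this thread (a debconf default of "no" while the config file had an active OPTIONS="-i 127.0.0.1" line) can be checked by deriving the default from the file itself. The following is an added example, not the portmap package's maintainer script: the function name, the sample files and the "false" answer for a missing file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the portmap package).
# loopback_default FILE prints "true" when FILE has an active (uncommented)
# OPTIONS line that passes "-i 127.0.0.1", otherwise "false".
loopback_default() {
    conf=$1
    # Assumption: with no readable config file, report the listen-on-all default.
    [ -r "$conf" ] || { echo false; return 0; }
    # Keep only uncommented OPTIONS= assignments; the last one wins, as it
    # would if the file were sourced. Strip the surrounding quotes.
    value=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$conf" | tail -n 1 | tr -d "\"'")
    prev=
    for word in $value; do
        # Compare whole words so that e.g. 127.0.0.10 is not taken for loopback.
        if [ "$prev" = "-i" ] && [ "$word" = "127.0.0.1" ]; then
            echo true
            return 0
        fi
        prev=$word
    done
    echo false
}

# Constructed samples: the two states of /etc/portmap.conf shown in the thread.
tmp=$(mktemp -d)
printf '%s\n' '# Portmap configuration file' \
    'OPTIONS="-i 127.0.0.1"' > "$tmp/bound.conf"
printf '%s\n' '# Portmap configuration file' \
    '#OPTIONS="-i 127.0.0.1"' > "$tmp/open.conf"

for f in "$tmp/bound.conf" "$tmp/open.conf"; do
    echo "$(basename "$f"): debconf default should be $(loopback_default "$f")"
done
```

Run against the real /etc/portmap.conf before and after dpkg-reconfigure, a change from "true" to "false" without an explicit answer from the administrator is the regression reported above.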
