[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1



On Mon, Sep 09, 2019 at 08:27:31PM -0400, Sam Hartman wrote:
> What are the security implications of enabling this configure flag?
Enabling this flag lets rpcbind to open random listening ports.
This would make firewalling very hard. 
(Default behavior prior version 1.2.5)

> Why is it off by default?
Upstream set it off by default since they claimed about customers complaining
about this behavior and supposedly it's not widely used.
Check [1] for more details.

Debian users running NIS services in Buster have reported breakage in their system
due the lack of the remote call functionality.

[1]: https://sourceforge.net/p/libtirpc/mailman/message/36377232/

Regards,

Josue

Attachment: signature.asc
Description: PGP signature


Reply to: