On Thu, May 24, 2001 at 01:34:01AM -0700, Jacob Meuser wrote: > OpenBSD ships with rstatd and ruserd enabled by default and according to > http://www.openbsd.org/ > > "Four years without a remote hole in the default install!" > > Which begs the question, especially since the *BSD's release their > sources under BSD style liscenses, why does rpc remain a security problem > in Linux? Is it the kernel? Is it the rpc code? This is not the same stuff at all. They ship with rstatd turned on, not rpc.statd. They are completely different. rpc.statd is used by nfs. rstatd is used by the rstat program, which tells you info about machines on your network. It is like running 'uptime' on all your machines at once. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpVFQbiZuEkd.pgp
Description: PGP signature