This is the third replacement portmapper release. It offers better
portability to HP-UX and FreeBSD and some minor tweaks. If the previous
releases work for you, then don't bother installing this one.

There is an increasing interest in access control for the NIS, mount
and other RPC-based services that are normally registered with the
portmap process. Possible attacks on RPC daemons involve:

- theft of NIS (YP) password files

- ypset to force hosts to bind to a rogue NIS (YP) server

- theft of NFS file handles

My contribution is a replacement portmap program, derived from source
code in the RPCSRC 4.0 and the TIRPC source distributions. Access
control is in the style of my tcp wrapper (log_tcp) package. It should
work with all SunOS 4.x and Ultrix >= 3.0 releases. However, the source
is reasonably portable and the code should work on most UNIX systems
that provide SUNRPC on top of BSD-style TCP/IP. System V.4 support is
problematic, though.

The present portmap version attempts to close all portmap security
problems that are known to me. It should be as secure as the portmap
daemon that comes with the SunOS 4.x portmap+NIS patch (patch id
100482-02). The README file gives a complete list of security
features.

Without the availability of portmap source, possible alternatives are
1) packet filtering with a smart router; 2) linking the portmap
executable against the securelib shared library. Linking RPC daemons
against the securelib library is a good idea, anyway.

The source is available for anonymous FTP from ftp.win.tue.nl directory
/pub/security/portmap_*.shar.Z.

Wietse Venema (wietse@wzv.win.tue.nl)
Mathematics and Computing Science
Eindhoven University of Technology
The Netherlands