bin/84494: rpcbind TCP cannot be told to bind to a specific IP
Brian A. Seklecki
bseklecki at mx00.pub.collaborativefusion.com
Sat Mar 11 01:41:02 GMT 2006
The following reply was made to PR bin/84494; it has been noted by GNATS.
From: "Brian A. Seklecki" <bseklecki at mail.pub.collaborativefusion.com>
To: bug-followup at FreeBSD.org, taosecurity at gmail.com
Cc: Bill Moran <wmoran at collaborativefusion.com>, dd at freebsd.org,
mbr at freebsd.org, alfred at freebsd.org
Subject: Re: bin/84494: rpcbind TCP cannot be told to bind to a specific IP
Date: Fri, 10 Mar 2006 17:13:39 -0500
This is a MIME-formatted message. If you see this text it means that your
E-mail software does not support MIME-formatted messages.
--=_wingspan-74575-1142028819-0001-2
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
[CC'ing the developer swho added -h and TCP support]
In addition to the security implications for multi-homed systems that
have public and private interfaces (and the implication for a software
firewall), this is a serious impediment to creating system <-> service
abstraction.=20
In large environments where High Availability is a requirement, services
are frequently "bound" to VIPs that can easily be moved from one system
to another using Fail-over Management Software. =20
In fact, all of the NFS related utilities are lacking in this facility,
specifically, nfsd(8) and mountd(8).
mountd(8) does feature a "-p" flag to specify the used to ensure a
specific port is reused, thus helping to sanitize RPC/NFS in through a
firewall, but lacks a "-h" flag.
nfsd(8) also features a "-h" flag, but you cannot control the ports it
chooses.
~BAS
--=_wingspan-74575-1142028819-0001-2
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIHYDCCA6ww
ggKUoAMCAQICAS4wDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5u
c3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxIzAhBgNVBAoTGkNvbGxhYm9yYXRpdmUgRnVz
aW9uLCBJbmMuMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIDAeBgNVBAMTF0NvbGxh
Ym9yYXRpdmUgRnVzaW9uIENBMB4XDTA1MTIxOTIwMzkxM1oXDTA2MTIxOTIwMzkxM1owgbsxCzAJ
BgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxIzAh
BgNVBAoTGkNvbGxhYm9yYXRpdmUgRnVzaW9uLCBJbmMuMQ0wCwYDVQQLEwRCT0ZIMRowGAYDVQQD
ExFCcmlhbiBBLiBTZWtsZWNraTEwMC4GCSqGSIb3DQEJARYhYnNla2xlY2tpQGNvbGxhYm9yYXRp
dmVmdXNpb24uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkC6Fb+c77I+dm58TFxvOn
BKaf4wug8K34V/zvjYdLVKRkEA+WLMb1/4shisJgEU9RXzoZ3wF3z+FaZKnSTCp79XF9pJ6ajmu+
79rf6negRYKnHoxq4am95PEpFfwXFmuBm6nQMmJwL/6NwpoQInve5OB/bRVW5UMv4Q3R2QAMzwID
AQABo1gwVjAsBgNVHREEJTAjgSFic2VrbGVja2lAY29sbGFib3JhdGl2ZWZ1c2lvbi5jb20wEQYJ
YIZIAYb4QgEBBAQDAgSwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBAUAA4IBAQBB
zoyBh9QR/Qj5kUSrwTTUMudk13CvidDh5O+vvlNrcwicqgiQcsJ8PQZ20ujiyzvJ97fFm13Bi02R
oXlnDGpAaUR2AGJcJSgHDRoP5Qkkt/5OHp1s5uYEsBMkFnGJVcgIeEkg3MdKJD8EOaFXoHOVlfcf
WQNB8vmk8GK+6dpDTm7yb9dK44R+D5Lky+kgNkJ/+s6G6oQKlR1NRkNfxRBwh33wE9+OUl2Cgx8c
VzPPTeVTMcCAUPeJNa/gLk0X/oxCGMfyjBJSaEz8rb33xNJm5dl34/h49PrFf4pyMIiDslKwHopN
JpkV9wDQZyYGJK9TMDVOWEvpERISIszjsmFRMIIDrDCCApSgAwIBAgIBLjANBgkqhkiG9w0BAQQF
ADCBoDELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNi
dXJnaDEjMCEGA1UEChMaQ29sbGFib3JhdGl2ZSBGdXNpb24sIEluYy4xHjAcBgNVBAsTFUNlcnRp
ZmljYXRlIEF1dGhvcml0eTEgMB4GA1UEAxMXQ29sbGFib3JhdGl2ZSBGdXNpb24gQ0EwHhcNMDUx
MjE5MjAzOTEzWhcNMDYxMjE5MjAzOTEzWjCBuzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBlbm5z
eWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDEjMCEGA1UEChMaQ29sbGFib3JhdGl2ZSBGdXNp
b24sIEluYy4xDTALBgNVBAsTBEJPRkgxGjAYBgNVBAMTEUJyaWFuIEEuIFNla2xlY2tpMTAwLgYJ
KoZIhvcNAQkBFiFic2VrbGVja2lAY29sbGFib3JhdGl2ZWZ1c2lvbi5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAOQLoVv5zvsj52bnxMXG86cEpp/jC6DwrfhX/O+Nh0tUpGQQD5YsxvX/
iyGKwmART1FfOhnfAXfP4VpkqdJMKnv1cX2knpqOa77v2t/qd6BFgqcejGrhqb3k8SkV/BcWa4Gb
qdAyYnAv/o3CmhAie97k4H9tFVblQy/hDdHZAAzPAgMBAAGjWDBWMCwGA1UdEQQlMCOBIWJzZWts
ZWNraUBjb2xsYWJvcmF0aXZlZnVzaW9uLmNvbTARBglghkgBhvhCAQEEBAMCBLAwEwYDVR0lBAww
CgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEEBQADggEBAEHOjIGH1BH9CPmRRKvBNNQy52TXcK+J0OHk
76++U2tzCJyqCJBywnw9BnbS6OLLO8n3t8WbXcGLTZGheWcMakBpRHYAYlwlKAcNGg/lCSS3/k4e
nWzm5gSwEyQWcYlVyAh4SSDcx0okPwQ5oVegc5WV9x9ZA0Hy+aTwYr7p2kNObvJv10rjhH4PkuTL
6SA2Qn/6zobqhAqVHU1GQ1/FEHCHffAT345SXYKDHxxXM89N5VMxwIBQ94k1r+AuTRf+jEIYx/KM
ElJoTPytvffE0mbl2Xfj+Hj0+sV/inIwiIOyUrAeik0mmRX3ANBnJgYkr1MwNU5YS+kREhIizOOy
YVExggMkMIIDIAIBATCBpjCBoDELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTET
MBEGA1UEBxMKUGl0dHNidXJnaDEjMCEGA1UEChMaQ29sbGFib3JhdGl2ZSBGdXNpb24sIEluYy4x
HjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEgMB4GA1UEAxMXQ29sbGFib3JhdGl2ZSBG
dXNpb24gQ0ECAS4wCQYFKw4DAhoFAKCCAdMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMDYwMzEwMjIxMzM5WjAjBgkqhkiG9w0BCQQxFgQU8gB2SEyDFrwKIN/ud75O
EUNj9U4wgbcGCSsGAQQBgjcQBDGBqTCBpjCBoDELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBlbm5z
eWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDEjMCEGA1UEChMaQ29sbGFib3JhdGl2ZSBGdXNp
b24sIEluYy4xHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEgMB4GA1UEAxMXQ29sbGFi
b3JhdGl2ZSBGdXNpb24gQ0ECAS4wgbkGCyqGSIb3DQEJEAILMYGpoIGmMIGgMQswCQYDVQQGEwJV
UzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMSMwIQYDVQQKExpD
b2xsYWJvcmF0aXZlIEZ1c2lvbiwgSW5jLjEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MSAwHgYDVQQDExdDb2xsYWJvcmF0aXZlIEZ1c2lvbiBDQQIBLjANBgkqhkiG9w0BAQEFAASBgBZU
cNx5PozTnbz2grMvc+9UwJf+SHv5g9xWAQI69aCnoaUqzqYy7UFHoXrlQKhx5HfC1Q1A0cwG4y1u
9JkkYPCKM2b0ZOFTB7Nl8AMxbKuLdZpYH3KXM8eyyO596nAZtjaLGBJQR4+WXaLupArug8d/QUnQ
H02vZIcW1Rhcu8+gAAAAAAAA
--=_wingspan-74575-1142028819-0001-2--
More information about the freebsd-bugs
mailing list