
portmap & tcpwrappers



I don't know if this is RedHat 5.1 specific, but be aware that the version
of portmap distributed is the enhanced (Wietse Venema) version. That's
great, except for two things. The first is documented, but easy to overlook:

	"In order to avoid deadlocks, the portmap program does not attempt to look
	up the remote host name or user name...The upshot of all this is that only
	network number patterns will work for portmap access control."

I didn't realize that, and boy did I get bitten when I refused connections
from "unknown" hosts (where DNS doesn't reverse correctly). I was using the
"same" hosts.allow file I had used elsewhere, but it was a different
version of portmap.

There was a bit of time spent troubleshooting DNS, portmap, mount (the
program that alerted me to the failure), etc., trying to find what the
apparent DNS problem was.

The other problem that came up is that every time a portmap request
(initiated by mount) was denied, the portmap daemon died.


Mark Bergman
bergman panix com
Unix mechanic, biker, stagehand, pet bird owner, rock climber
http://www.panix.com/~bergman
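
An added example, not part of the original message: a small lint check for the pitfall described above, flagging client patterns on portmap rules in a hosts.allow/hosts.deny file that are not network-number patterns. The function names and the sample file are constructed for illustration; it handles IPv4 only and assumes that the ALL wildcard needs no name lookup.

```python
import re

# IPv4 network-number patterns from hosts_access(5): a dotted prefix ending
# in ".", a full address, or net/mask.
NUMERIC = re.compile(
    r"^((\d{1,3}\.){1,3}|\d{1,3}(\.\d{1,3}){3}(/\d{1,3}(\.\d{1,3}){3})?)$")
# Assumption: ALL needs no name lookup; EXCEPT is an operator, not a pattern.
NAME_INDEPENDENT = {"ALL", "EXCEPT"}

def logical_lines(text):
    """Yield (first_line_number, rule), joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = n if start is None else start
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def lint_portmap_rules(text, daemon="portmap"):
    """Return (line_number, pattern) for every client pattern on a rule
    covering `daemon` that is not a numeric network pattern."""
    findings = []
    for n, rule in logical_lines(text):
        rule = rule.strip()
        if not rule or rule.startswith("#"):
            continue
        fields = rule.split(":")
        if len(fields) < 2:
            continue
        daemons = re.split(r"[\s,]+", fields[0].strip())
        if daemon not in daemons and "ALL" not in daemons:
            continue
        for pat in re.split(r"[\s,]+", fields[1].strip()):
            if pat and pat not in NAME_INDEPENDENT and not NUMERIC.match(pat):
                findings.append((n, pat))
    return findings

# Constructed sample hosts.allow, for illustration only.
SAMPLE = """\
portmap: 192.168.1. 10.0.0.0/255.0.0.0
portmap: .example.com UNKNOWN
ALL: LOCAL, 172.16.5.9
in.ftpd: .example.org
"""

if __name__ == "__main__":
    for lineno, pattern in lint_portmap_rules(SAMPLE):
        print(f"line {lineno}: '{pattern}' is not a network-number pattern")
```

Rules that name `ALL` in the daemon list are checked too, since they also apply to portmap.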


