(no) SUMMARY: secure rpcbind still secure?

From: Christopher L. Barnard <cbar44_at_tsg.cbot.com>
Date: Mon Oct 07 2002 - 16:56:30 EDT
I asked:

I have a question about Wietse Venema's secure rpcbind.  According to
porcupine.org, it was written in 1998 and has been tested on Solaris
2.4 and 2.6.  Is there a newer version?  Does there need to be a newer
version?  Sun has "updated" their official version many times, sometimes
for a "security fix", but the patch README does not state what exactly
has been changed.  So for example, patch 108760-02 that was recently
released for Solaris 7 will update /usr/sbin/rpcbind.  I am aware that
installing the patch will disable the wrapping I do of rpcbind right now,
but I am wondering if the "security fix" in that patch is more important
than the wrapping.

TIA, and I will summarize.

The answer:

so far, no answer.
I got a few responses extoling the virtues of secure rpcbind, but that didn't
answer my question.  I will also be in the forefront of the group extolling
the virtues of secure rpcbind, but I have not gotten any response as to
whether the secure rpcbind code, which was written in the late 1990s, is
susceptible to the various security flaws for which the "regular" rpcbind has
been recently patched.

| Christopher L. Barnard         O     When I was a boy I was told that |
| cbarnard@tsg.cbot.com         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
sunmanagers mailing list
Received on Mon Oct 7 17:17:36 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:56 EST