I asked: I have a question about Wietse Venema's secure rpcbind. According to porcupine.org, it was written in 1998 and has been tested on Solaris 2.4 and 2.6. Is there a newer version? Does there need to be a newer version? Sun has "updated" their official version many times, sometimes for a "security fix", but the patch README does not state what exactly has been changed. So for example, patch 108760-02 that was recently released for Solaris 7 will update /usr/sbin/rpcbind. I am aware that installing the patch will disable the wrapping I do of rpcbind right now, but I am wondering if the "security fix" in that patch is more important than the wrapping. TIA, and I will summarize. The answer: so far, no answer. I got a few responses extoling the virtues of secure rpcbind, but that didn't answer my question. I will also be in the forefront of the group extolling the virtues of secure rpcbind, but I have not gotten any response as to whether the secure rpcbind code, which was written in the late 1990s, is susceptible to the various security flaws for which the "regular" rpcbind has been recently patched. +-----------------------------------------------------------------------+ | Christopher L. Barnard O When I was a boy I was told that | | cbarnard@tsg.cbot.com / \ anybody could become president. | | (312) 347-4901 O---O Now I'm beginning to believe it. | | http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow | +----------PGP public key available via finger or PGP keyserver---------+ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Mon Oct 7 17:17:36 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:56 EST