From owner-freebsd-security Sat Nov 16 19:53:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3ACDE37B401 for ; Sat, 16 Nov 2002 19:53:25 -0800 (PST) Received: from bas.flux.utah.edu (bas.flux.utah.edu [155.98.60.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id BA42B43E4A for ; Sat, 16 Nov 2002 19:53:24 -0800 (PST) (envelope-from danderse@flux.utah.edu) Received: from bas.flux.utah.edu (localhost [127.0.0.1]) by bas.flux.utah.edu (8.12.5/8.12.5) with ESMTP id gAH3rOUA005198 for ; Sat, 16 Nov 2002 20:53:24 -0700 (MST) (envelope-from danderse@bas.flux.utah.edu) Received: (from danderse@localhost) by bas.flux.utah.edu (8.12.5/8.12.5/Submit) id gAH3rOvB005197 for security@freebsd.org; Sat, 16 Nov 2002 20:53:24 -0700 (MST) Date: Sat, 16 Nov 2002 20:53:24 -0700 From: "David G. Andersen" To: security@freebsd.org Subject: Portmap localhost bind bug - commit fix? Message-ID: <20021116205324.B4590@cs.utah.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Would someone be willing to take a look at PR 30235, and perhaps commit its patch, or the equivalent functionality? At present, it's impossible to get portmap to bind to only localhost, requiring that you use ipfw to filter it out if you want to use it for local only services. This is due to a bug in the portmap interface checking logic, and the PR above fixes this problem. It's a very, very welcome feature for the security paranoid who nevertheless need to run portmap. I've been running the patch for a week or so on a number of machines, and it's happy. (It's simple enough...). PR has been hanging around since 2001. Many thanks! -Dave -- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ I do not accept unsolicited commercial email. Do not spam me. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message