From owner-freebsd-security  Sat Nov 16 19:53:26 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3ACDE37B401
	for <security@freebsd.org>; Sat, 16 Nov 2002 19:53:25 -0800 (PST)
Received: from bas.flux.utah.edu (bas.flux.utah.edu [155.98.60.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BA42B43E4A
	for <security@freebsd.org>; Sat, 16 Nov 2002 19:53:24 -0800 (PST)
	(envelope-from danderse@flux.utah.edu)
Received: from bas.flux.utah.edu (localhost [127.0.0.1])
	by bas.flux.utah.edu (8.12.5/8.12.5) with ESMTP id gAH3rOUA005198
	for <security@freebsd.org>; Sat, 16 Nov 2002 20:53:24 -0700 (MST)
	(envelope-from danderse@bas.flux.utah.edu)
Received: (from danderse@localhost)
	by bas.flux.utah.edu (8.12.5/8.12.5/Submit) id gAH3rOvB005197
	for security@freebsd.org; Sat, 16 Nov 2002 20:53:24 -0700 (MST)
Date: Sat, 16 Nov 2002 20:53:24 -0700
From: "David G. Andersen" <danderse@cs.utah.edu>
To: security@freebsd.org
Subject: Portmap localhost bind bug - commit fix?
Message-ID: <20021116205324.B4590@cs.utah.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Would someone be willing to take a look at PR 30235,
and perhaps commit its patch, or the equivalent functionality?

At present, it's impossible to get portmap to bind to only
localhost, requiring that you use ipfw to filter it out if you
want to use it for local only services.  This is due to a
bug in the portmap interface checking logic, and the PR
above fixes this problem.

It's a very, very welcome feature for the security paranoid
who nevertheless need to run portmap.  I've been running the
patch for a week or so on a number of machines, and it's happy.
(It's simple enough...).  PR has been hanging around since
2001.

Many thanks!

  -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
      I do not accept unsolicited commercial email.  Do not spam me.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message