Date: Sat, 19 Aug 2000 12:19:40 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Michael Maxwell <drwho@xnet.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Log message improvement for rpc.statd
Message-ID: <20000819121940.R28027@149.211.6.64.reflexcom.com>
In-Reply-To: <200008191817.NAA09304@drwho.xnet.com>; from drwho@xnet.com on Sat, Aug 19, 2000 at 01:18:13PM -0500
References: <200008191817.NAA09304@drwho.xnet.com>
On Sat, Aug 19, 2000 at 01:18:13PM -0500, Michael Maxwell wrote:
> >Just noticed that someone decided to try to be annoying with
> >my rpc.statd:
>
> Is there any particular reason you *need* to have RPC visible to the
> outside? If not, you would be well advised to firewall this stuff,
> especially ports 111, 2049, etc... If there *is* a reason you need it
> open, then first try to find another solution. Otherwise, you'll just
> have to live with it.
>
> RPC is, by nature, insecure.

Someone asked me about this a few months back. Most of the problems with RPC daemons have been buffer overflows. Buffer overflows are not design flaws, but rather, programming errors. I was asked whether, provided the programs were actually written securely, there is still something inherently insecure about Sun's RPC protocols. I really did not know enough to answer definitively.

I do know that the extra layer of complexity, essentially adding another layer in the network stack between TCP or UDP and the application layer, makes me nervous. Complexity bad. But if there is anything beyond that, I am not sure.

Sun isn't known for being the most security conscious vendor... but then again I am a BSD fan and BSD is associated with the notorious r* protocols. ;)

--
Crist J. Clark cjclark@alum.mit.com
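The firewalling Michael Maxwell suggests above, written out as an ipfw(8) ruleset for the external interface. This is an added example, not code from the thread; the interface name fxp0 is a constructed placeholder (override it with EXT_IF), and the rules assume ipfw's stateful keep-state/check-state support as found in FreeBSD 4.x.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): close Sun RPC to the
# outside on one interface. With no argument the script prints the rules;
# with "apply" it loads them into ipfw(8). Only traffic on $EXT_IF is
# touched; other interfaces are left to the rest of your ruleset.
EXT_IF="${EXT_IF:-fxp0}"   # constructed placeholder for the outside interface

# Emit one ipfw rule body per line (without the leading "ipfw").
rpc_firewall_rules() {
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 check-state"
    # Portmapper (111) and NFS (2049) live on fixed ports on both
    # transports; refuse and log anything reaching them from outside.
    for port in 111 2049; do
        for proto in tcp udp; do
            echo "add 400 deny log $proto from any to any $port in via $EXT_IF"
        done
    done
    # rpc.statd, rpc.lockd and mountd take dynamic ports registered with
    # the portmapper, so closing 111 and 2049 alone is not enough. Allow
    # only replies to traffic this host started and drop every other new
    # inbound flow, whatever port the RPC service happened to bind.
    echo "add 500 allow tcp from any to any established"
    echo "add 510 allow udp from any to any out via $EXT_IF keep-state"
    echo "add 520 allow tcp from any to any out via $EXT_IF setup"
    echo "add 530 allow ip from any to any out via $EXT_IF"
    echo "add 600 deny log ip from any to any in via $EXT_IF"
}

# Self-check helper: how many generated rules name a given destination port.
rules_for_port() {
    rpc_firewall_rules | grep -c " $1 in via "
}

if [ "$1" = "apply" ]; then
    rpc_firewall_rules | while read -r rule; do
        # shellcheck disable=SC2086
        ipfw $rule
    done
else
    rpc_firewall_rules | sed 's/^/ipfw /'
fi
```

After loading, `ipfw -a list` shows packet counts on the rule-400 and rule-600 entries, which is a quick way to see whether the rpc.statd noise from the original post is coming from outside.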