Hello Fedora developers, portmap has been useless on 95% on the servers I've installed, since those servers didn't use NFS, NIS, etc. So removing portmap is one of the rutine post-installation tasks for me; I bet I'm not the only one. Hence, I suggest that portmap _not_ be part of a "minimal install" installation. Anyways: On desktop systems, I can't get rid of portmap because fam needs it. - And I can't even stop portmap because a well-working fam is nice. As I don't use NFS or NIS on my desktop, either, I've long wanted to be able to tell portmap to bind to the loopback interface only, following a security principle of making daemons listen to the least possible interfaces. There doesn't seem to be a way to do that, so I've tried creating an altered portmap package. I'm no great c-coder, but it seems to work (even though there could be some IPv6 issues?). The altered source rpm package is available at ftp://troels.arvin.dk/pub/fedora/src/portmap-4.0-60.arvin.src.rpm Added/changed source package files (including a patch for portmap.c) are available at http://troels.arvin.dk/portmap-rpm-changes/ The package makes portmap listen on 127.0.0.1 by default, in line with recent distribution changes (like when sendmail (and X?) was set to listen to the loopback interface only, by default). Someone with c and/or IPv6 experience: Please review my small change to portmap.c. If you find it OK, then please consider incorporating the changes in Fedora, for security reasons. -- Greetings from Troels Arvin, Copenhagen, Denmark
