On Wed, 11 Aug 2004 17:21:49 -0700, David Kewley wrote:
> portmap uses tcp-wrappers, so you can use /etc/hosts.{allow,deny} to
> control which packets you process. Yes, portmap still listens on all
> interfaces, but if I understand tcp-wrappers correctly, portmap won't be
> asked to process any disallowed packets.
Still, if there is a security bug in the code accepting UDP trafic on port
111, then I would still be at risk.
Almost all daemons in Fedora can be told not to listen on public
interfaces. Portmap is one of the few exceptions, and I'd like to correct
that.
--
Greetings from Troels Arvin, Copenhagen, Denmark
