Re: [PATCH 2/4] rpcbind: allow broadcast RPC to be disabled.

Hi Neil,

> From: NeilBrown <neilb@xxxxxxxx>

> Support for broadcast RPC involves binding a second privileged
> port.  It is possible that rpcbind might choose a port that some
> other service will need, and that can cause problems.

> Having this port open increases the attack surface of rpcbind.  RPC
> replies can be sent to it by any host, and they will only be rejected
> once they have been parsed enough to determine that the xid doesn't
> match.

> Broadcast is not widely used.  It is not used at all for NFS.  For NIS
> (previously yellow pages) it can be used to find a local NIS server,
> though this can also be statically configured.

> In cases where broadcast-RPC is not needed, it is best to disable the
> port.  This patch adds a new "-b" option to disable broadcast RPC.

If this feature is wanted, I would suggest "-B". "-b" is used in ping for
broadcast, therefore this option looks like *enabling* broadcast instead of
disabling.

Otherwise LGTM.

Reviewed-by: Petr Vorel <pvorel@xxxxxxx>

Kind regards,
Petr
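
The following is an added example, not part of the thread or of the rpcbind patch: a check for the "second privileged port" the commit message describes, run over `ss -H -u -l -n -p` output. The sample socket listing is constructed, and the function name `extra_rpcbind_ports` is hypothetical; the only assumptions are that rpcbind's well-known port is 111 and that privileged ports are those below 1024.

```python
import re

RPCBIND_PORT = 111      # rpcbind's well-known port
PRIVILEGED_MAX = 1023   # ports below 1024 need privilege to bind

# Constructed sample of `ss -H -u -l -n -p` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=612,fd=5),("systemd",pid=1,fd=40))
UNCONN 0 0 0.0.0.0:871 0.0.0.0:* users:(("rpcbind",pid=612,fd=7))
UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=612,fd=8))
UNCONN 0 0 [::]:871 [::]:* users:(("rpcbind",pid=612,fd=9))
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=701,fd=12))
UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=655,fd=5))
"""

# First "addr:port" token with a numeric port is the local address;
# the peer column of an unconnected UDP socket ends in ":*".
LOCAL_RE = re.compile(r"(?:^|\s)(\S+):(\d+)(?=\s)")
# Each socket owner appears as ("name",pid=N,fd=M) in the users:(...) field.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def extra_rpcbind_ports(ss_output, process="rpcbind"):
    """Return sorted (address, port) pairs for privileged UDP ports that
    `process` holds in addition to port 111."""
    findings = set()
    for line in ss_output.splitlines():
        local = LOCAL_RE.search(line)
        if not local:
            continue  # blank line or a format this parser does not know
        addr, port = local.group(1), int(local.group(2))
        owners = {name for name, _pid in PROC_RE.findall(line)}
        if process in owners and port != RPCBIND_PORT and port <= PRIVILEGED_MAX:
            findings.add((addr, port))
    return sorted(findings)


if __name__ == "__main__":
    for addr, port in extra_rpcbind_ports(SAMPLE_SS_OUTPUT):
        print(f"rpcbind holds extra privileged UDP port {port} on {addr}")
```

On a live host, feed it the output of `ss -H -u -l -n -p` run as root, since `ss` only shows process names for sockets the caller is allowed to inspect.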



