On 12/09/2010 04:41 PM, Chuck Lever wrote: > > On Dec 9, 2010, at 3:49 PM, Andrew J. Schorr wrote: > >> Hi, >> >> The current rpcbind -i option seems to relax 3 different security requirements. >> If the user wants to allow any one of the three, he is forced to allow >> all 3. >> >> The attached patch introduces 3 new options (-c, -r, and -u) to break this >> down to give the user control of which security requirements to relax. >> >> This patch compiles, but has not been tested yet. If there is any >> interest in accepting this, I will of course test it. :-) But it's fairly >> basic, so I thought I'd gauge the interest level first. Steve >> Dickson from Redhat suggested that I post here to discuss this issue >> regarding https://bugzilla.redhat.com/show_bug.cgi?id=481422 > > Looking over the bug... > > It sounds like your application is trying to use glibc's RPC > implementation with rpcbind. If you build your application with > libtirpc instead, it should use an AF_UNIX socket to contact rpcbind > instead of loopback. The AF_UNIX socket carries some authentication > information with the registration request. All users of your > application would be allowed to set or unset RPC registrations > in that case. > I was under the impression rebuilding the applications was not possible... but maybe I misunderstood... But in the end, I guess I'm not against having functionality like this... If it make it easier for people to port legacy applications to Linux, its probably a good thing... steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
