On 02/05/2018 12:09 PM, Tom Talpey wrote:
> On 2/5/2018 12:02 PM, Chuck Lever wrote:
>> Heya Steve-
>>
>>> On Feb 5, 2018, at 11:36 AM, Steve Dickson <steved@xxxxxxxxxx> wrote:
>>>
>>> Over the weekend I did some experimenting with
>>> the remote call code in rpcbind. The code does
>>> functionally work but is very antiquated when
>>> it comes to the latest NFS versions.
>>>
>>> Since only UDP sockets are used to do remote calls
>>> using the documented interfaces pmap_rmtcall() and callrpc(),
>>> calls to NFS will fail (actually time out) since UDP is no
>>> longer supported.
>>>
>>> The undocumented interface rpc_call() can be used to
>>> call into NFS since the protocol can be specified, which
>>> also means the PMAPPROC_CALLIT protocol is not used.
>>>
>>> It turns out privileged ports are not needed to make
>>> remote calls, at least with my testing.
>>
>> It's not quite clear what you are claiming here, but
>> I'm guessing that what you demonstrated is that the
>> CALLIT _listener_ does not have to be privileged?
>>
>> I claim that is true for all RPC listeners.
>
>
> Why in the world is the remote-call interface even still supported?
> It is and was a mammoth security hole allowing machine impersonation,
> and to my knowledge no actual services or applications depend on
> it. Why not bury it under some compatibility option, default=off??

I did not realize it was a security hole since the info returned
can be gotten in other ways... But I do see NetApp has disabled
the procedure.

steved.
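For auditing whether anything still sends the remote-call procedure before turning it off, the following added example (not part of the thread and not rpcbind code) decodes an ONC RPC call header from a UDP payload and reports rpcbind CALLIT/INDIRECT requests together with the program, version and procedure rpcbind is being asked to call. The program and procedure numbers are the RFC 1833 values, the function names are hypothetical, and the sample packets are constructed.

```python
import struct

RPCBIND_PROG = 100000   # portmapper / rpcbind program number
CALLIT_PROC = 5         # PMAPPROC_CALLIT (v2), RPCBPROC_CALLIT/BCAST (v3/v4)
INDIRECT_PROC = 11      # RPCBPROC_INDIRECT (v4 only)


def skip_opaque_auth(buf, off):
    """Skip one opaque_auth (flavor, length, padded body); return new offset."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    if length > 400:  # RFC 5531 caps opaque_auth bodies at 400 bytes
        raise ValueError("oversized auth body")
    return off + 8 + ((length + 3) & ~3)


def parse_remote_call(payload):
    """Return (rpcbind_vers, target_prog, target_vers, target_proc) if the UDP
    payload is an rpcbind remote-call request, otherwise None."""
    try:
        _xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload, 0)
        if mtype != 0 or rpcvers != 2 or prog != RPCBIND_PROG:
            return None  # not an RPC CALL addressed to rpcbind
        if not (proc == CALLIT_PROC or (vers == 4 and proc == INDIRECT_PROC)):
            return None  # some other rpcbind procedure (GETPORT, DUMP, ...)
        off = skip_opaque_auth(payload, 24)   # credential
        off = skip_opaque_auth(payload, off)  # verifier
        t_prog, t_vers, t_proc = struct.unpack_from(">3I", payload, off)
        return vers, t_prog, t_vers, t_proc
    except (struct.error, ValueError):
        return None  # truncated or malformed packet


def build_call(prog, vers, proc, body=b""):
    # Constructed sample: RPC call header with AUTH_NONE credential and verifier.
    return struct.pack(">6I4I", 0x1234, 0, 2, prog, vers, proc, 0, 0, 0, 0) + body


# Constructed packets: a v2 CALLIT targeting NFSv3 NULL, and a plain GETPORT.
SAMPLE_CALLIT = build_call(100000, 2, 5, struct.pack(">4I", 100003, 3, 0, 0))
SAMPLE_GETPORT = build_call(100000, 2, 3, struct.pack(">4I", 100003, 3, 17, 0))
```
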