From: "Brian A. Seklecki"
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/84494: rpcbind TCP cannot be told to bind to a specific IP
Date: Sat, 11 Mar 2006 01:40:10 GMT
Message-Id: <200603110140.k2B1eAVe058677@freefall.freebsd.org>

The following reply was made to PR bin/84494; it has been noted by GNATS.

From: "Brian A. Seklecki"
To: bug-followup@FreeBSD.org, taosecurity@gmail.com
Cc: Bill Moran, dd@freebsd.org, mbr@freebsd.org, alfred@freebsd.org
Subject: Re: bin/84494: rpcbind TCP cannot be told to bind to a specific IP
Date: Fri, 10 Mar 2006 17:13:39 -0500

[CC'ing the developers who added -h and TCP support]

In addition to the security implications for multi-homed systems that have public and private interfaces (and the implication for a software firewall), this is a serious impediment to creating system <-> service abstraction.

In large environments where High Availability is a requirement, services are frequently "bound" to VIPs that can easily be moved from one system to another using Fail-over Management Software.

In fact, all of the NFS related utilities are lacking in this facility, specifically, nfsd(8) and mountd(8). mountd(8) does feature a "-p" flag to specify the used to ensure a specific port is reused, thus helping to sanitize RPC/NFS in through a firewall, but lacks a "-h" flag. nfsd(8) also features a "-h" flag, but you cannot control the ports it chooses.

~BAS
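
An added example, not part of the original message or of FreeBSD's own code: a check an administrator of a multi-homed host could run to see which rpcbind and mountd sockets listen on every interface. It assumes input in the column layout of `sockstat -4 -l`; the function names and the sample listing (addresses, PIDs, ports) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag RPC daemons that listen on the wildcard address.
# Expected input columns (FreeBSD `sockstat -4 -l` layout):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# wildcard_rpc_listeners (hypothetical helper): reads sockstat-style lines
# on stdin and prints "command proto local-address" for every rpcbind or
# mountd socket whose local address is "*", i.e. reachable on all interfaces.
wildcard_rpc_listeners() {
    awk '
        $1 == "USER" { next }                  # skip the header row
        $2 ~ /^(rpcbind|mountd)$/ {
            addr = $6
            sub(/:[0-9*]+$/, "", addr)         # strip the trailing :port
            if (addr == "*") print $2, $5, $6
        }
    '
}

# Constructed sample: rpcbind UDP is pinned to one address while its TCP
# socket and mountd remain on the wildcard, the situation the PR describes.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     rpcbind    512   9  udp4   192.0.2.10:111        *:*
root     rpcbind    512   11 tcp4   *:111                 *:*
root     mountd     530   6  tcp4   *:1023                *:*
root     mountd     530   5  udp4   192.0.2.10:1023       *:*
root     sshd       600   4  tcp4   *:22                  *:*
EOF
}

# On a live system: sockstat -4 -l | wildcard_rpc_listeners
sample_sockstat | wildcard_rpc_listeners
```

Any line this prints is a socket that a host firewall, rather than the daemon's own bind address, has to keep off the public interface.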