From: Olaf Kirch <olaf.kirch@oracle.com>
To: Neil Brown <neilb@suse.de>
Cc: "Matthias Koenig" <mkoenig@novell.com>,
nfs@lists.sourceforge.net, "Steve Dickson" <SteveD@redhat.com>,
"Javier Fernández-Sanguino Peña" <jfs@computer.org>,
anibal@debian.org
Subject: Re: Portmap - was Re: Does mountd/statd really need to listen on a privileged port??
Date: Fri, 20 Apr 2007 15:27:11 +0200 [thread overview]
Message-ID: <200704201527.12634.olaf.kirch@oracle.com> (raw)
In-Reply-To: <17960.29596.729732.864556@notabene.brown>
On Friday 20 April 2007 10:02, Neil Brown wrote:
> I guess. It would be really nice if we could delay doing the hostname
> lookup until we find a hostname present in hosts.{allow,deny}. That
> would make it run-time configurable. I don't think we can do that
> though.
No, that's not the way tcp_wrappers works. It needs to do the
reverse lookup first.
> > That's nice! However, beware you have to patch rpcinfo so that
> > rpcinfo -u does a bindresvport when run as root. And *that*
> > change needs to go into all distros, or you need to get it past
> > Uli "hell will freeze over first" Drepper.
>
> No change needed. The rpc library already does bindresvport when
> creating a client.
Ah. I was under the impression the automatic bindresvport call
had been removed at some point in time. But looking at the
glibc cvs it seems it's still there.
> My understanding is that /var/run is cleared early at bood. So the
> idea was that the choice of path name made all that work
> automatically.
Well, if you want portmap to chroot, then it either has to keep
a file descriptor open for its map file (which would be at odds
with chrooting, because you do that to completely contain
the process); or you would have to put the map file somewhere
under your chroot tree and have to take care of cleaning it
up on boot in a different way.
> And portmap in initrd? Just Say No. :-)
People have tried to do that, unfortunately.
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@lst.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2007-04-20 13:28 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-12 22:05 Does mountd/statd really need to listen on a privileged port?? Neil Brown
2007-04-13 0:05 ` Trond Myklebust
2007-04-16 1:03 ` Neil Brown
2007-04-13 0:55 ` Mike Frysinger
2007-04-13 1:09 ` Mike Frysinger
2007-04-13 1:39 ` Neil Brown
2007-04-13 2:04 ` Mike Frysinger
2007-04-17 10:14 ` Olaf Kirch
2007-04-17 11:12 ` Mike Frysinger
2007-04-16 18:13 ` Steve Dickson
2007-04-17 10:08 ` Olaf Kirch
2007-04-17 11:21 ` Mike Frysinger
2007-04-17 11:32 ` Olaf Kirch
2007-04-18 7:14 ` Neil Brown
2007-04-19 0:46 ` Neil Brown
2007-04-19 1:21 ` Javier Fernández-Sanguino Peña
2007-04-20 3:04 ` Portmap - was " Neil Brown
2007-04-20 6:49 ` Olaf Kirch
2007-04-20 8:02 ` Neil Brown
2007-04-20 13:27 ` Olaf Kirch [this message]
2007-04-20 19:18 ` Steve Dickson
2007-04-23 4:03 ` Neil Brown
2007-04-23 6:31 ` Neil Brown
2007-04-23 13:43 ` Steve Dickson
2007-04-24 0:56 ` Neil Brown
2007-04-24 17:13 ` Steve Dickson
2007-04-23 13:28 ` Steve Dickson
2007-04-23 23:09 ` Neil Brown
2007-04-24 6:43 ` Olaf Kirch
2007-04-24 7:24 ` Neil Brown
2007-04-24 15:15 ` Talpey, Thomas
2007-04-24 15:31 ` Talpey, Thomas
2007-04-24 7:08 ` Olaf Kirch
2007-04-24 15:10 ` Steve Dickson
2007-04-24 16:10 ` Christoph Hellwig
2007-04-24 17:04 ` Steve Dickson
2007-04-24 17:17 ` Christoph Hellwig
2007-04-24 17:52 ` Steve Dickson
2007-04-24 19:09 ` Peter Åstrand
2007-04-24 20:26 ` Steve Dickson
2007-04-24 20:36 ` Peter Staubach
2007-04-25 11:56 ` Olaf Kirch
2007-04-25 15:44 ` Peter Staubach
2007-04-25 20:14 ` Olaf Kirch
2007-04-26 6:32 ` Neil Brown
2007-04-26 8:59 ` Olaf Kirch
2007-04-26 13:03 ` Peter Staubach
2007-05-02 4:22 ` Ian Kent
2007-04-27 15:07 ` Olaf Kirch
2007-04-27 15:18 ` Christoph Hellwig
2007-04-27 17:07 ` Olaf Kirch
2007-04-29 23:32 ` Steve Dickson
2007-04-26 7:52 ` Aurélien Charbon
2007-04-25 8:57 ` Peter Åstrand
2007-04-25 8:56 ` Olaf Kirch
2007-04-25 9:58 ` Christoph Hellwig
2007-04-25 13:22 ` Steve Dickson
2007-04-25 14:10 ` Olaf Kirch
2007-04-25 14:42 ` Christoph Hellwig
2007-04-26 14:30 ` Peter Åstrand
2007-04-25 14:37 ` Christoph Hellwig
2007-04-25 13:39 ` Steve Dickson
2007-04-26 22:22 ` Steve Dickson
2007-04-27 2:22 ` J. Bruce Fields
2007-04-27 6:20 ` Olaf Kirch
2007-04-27 14:01 ` Peter Staubach
2007-04-27 14:09 ` Christoph Hellwig
2007-04-27 14:21 ` Peter Staubach
2007-04-27 14:37 ` Christoph Hellwig
2007-04-29 23:39 ` Steve Dickson
2007-04-27 16:49 ` Olaf Kirch
2007-04-27 17:06 ` Peter Staubach
2007-04-27 17:04 ` Olaf Kirch
2007-04-27 17:34 ` Peter Staubach
2007-05-04 18:52 ` Steve Dickson
2007-04-24 14:38 ` Steve Dickson
2007-04-19 15:15 ` Steve Dickson
2007-04-19 15:21 ` J. Bruce Fields
2007-04-19 15:42 ` Steve Dickson
2007-04-19 15:50 ` J. Bruce Fields
2007-04-19 16:36 ` Steve Dickson
2007-04-19 22:50 ` Anibal Monsalve Salazar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200704201527.12634.olaf.kirch@oracle.com \
--to=olaf.kirch@oracle.com \
--cc=SteveD@redhat.com \
--cc=anibal@debian.org \
--cc=jfs@computer.org \
--cc=mkoenig@novell.com \
--cc=neilb@suse.de \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.