public inbox for linux-nfs@vger.kernel.org
From: Petr Vorel <pvorel@suse.cz>
To: NeilBrown <neilb@suse.de>
Cc: Steve Dickson <steved@redhat.com>, linux-nfs@vger.kernel.org
Subject: Re: [PATCH 2/4] rpcbind: allow broadcast RPC to be disabled.
Date: Mon, 4 Mar 2024 19:32:17 +0100
Message-ID: <20240304183217.GB3408054@pevik>
In-Reply-To: <20240225235628.12473-3-neilb@suse.de>

Hi Neil,

> From: NeilBrown <neilb@suse.com>

> Support for broadcast RPC involves binding a second privileged
> port.  It is possible that rpcbind might choose a port that some
> other service will need, and that can cause problems.

> Having this port open increases the attack surface of rpcbind.  RPC
> replies can be sent to it by any host, and they will only be rejected
> once they have been parsed enough to determine that the xid doesn't
> match.

> Broadcast is not widely used.  It is not used at all for NFS.  For NIS
> (previously yellow pages) it can be used to find a local NIS server,
> though this can also be statically configured.

> In cases where broadcast-RPC is not needed, it is best to disable the
> port.  This patch adds a new "-b" option to disable broadcast RPC.

If this feature is wanted, I would suggest "-B". "-b" is used in ping for
broadcast, therefore this option looks like *enabling* broadcast instead of
disabling.

Otherwise LGTM.

Reviewed-by: Petr Vorel <pvorel@suse.cz>

Kind regards,
Petr
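
An audit check for the extra port the quoted commit message describes, as an added example that is not part of this message or of rpcbind. It assumes iproute2's ss run as root (so process names are shown) and that rpcbind's well-known port is 111; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not rpcbind project code.
# Assumption: rpcbind's well-known port is 111; any other UDP socket it
# holds is the extra broadcast-RPC port described in the commit message.

# Read `ss -Hulnp` output on stdin; print each UDP port other than 111
# that is owned by a process named rpcbind, one per line, sorted.
rpcbind_extra_udp_ports() {
    awk '
        /"rpcbind"/ {
            # The local address is the first field ending in ":<digits>";
            # the peer column ends in ":*" and never matches.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /:[0-9]+$/) {
                    port = $i
                    sub(/.*:/, "", port)
                    port = port + 0          # force numeric comparison
                    if (port != 111) seen[port] = 1
                    break
                }
            }
        }
        END { for (p in seen) print p }
    ' | sort -n
}

# Constructed sample of `ss -Hulnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=612,fd=5),("systemd",pid=1,fd=36))
UNCONN 0 0 0.0.0.0:839 0.0.0.0:* users:(("rpcbind",pid=612,fd=9))
UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=500,fd=6))
UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=612,fd=7),("systemd",pid=1,fd=38))
UNCONN 0 0 [::]:921 [::]:* users:(("rpcbind",pid=612,fd=10))
EOF
}

# Live use (as root, so ss can show process names):
#   ss -Hulnp | rpcbind_extra_udp_ports
sample_ss_output | rpcbind_extra_udp_ports
```

An empty result means rpcbind holds no UDP socket besides port 111.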
