From: Roland Mainz <roland.mainz@nrubsig.org>
To: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 2/4] rpcbind: allow broadcast RPC to be disabled.
Date: Mon, 4 Mar 2024 19:42:03 +0100
Message-ID: <CAKAoaQ=z6HMJKL+CMLbum31owuJ6Gp0oLdpPiFub52gD4zNzKw@mail.gmail.com>
In-Reply-To: <20240304183217.GB3408054@pevik>

On Mon, Mar 4, 2024 at 7:32 PM Petr Vorel <pvorel@suse.cz> wrote:
> > From: NeilBrown <neilb@suse.com>
> > Support for broadcast RPC involves binding a second privileged
> > port. It is possible that rpcbind might choose a port that some
> > other service will need, and that can cause problems.
>
> > Having this port open increases the attack surface of rpcbind. RPC
> > replies can be sent to it by any host, and they will only be rejected
> > once they have been parsed enough to determine that the xid doesn't
> > match.
>
> > Broadcast is not widely used. It is not used at all for NFS. For NIS
> > (previously yellow pages) it can be used to find a local NIS server,
> > though this can also be statically configured.
>
> > In cases where broadcast-RPC is not needed, it is best to disable the
> > port. This patch adds a new "-b" option to disable broadcast RPC.
>
> If this feature is wanted, I would suggest "-B". "-b" is used in ping for
> broadcast, therefore this option looks like *enabling* broadcast instead of
> disabling.

I agree with Petr...
... could you please add the comment about NIS/YP in the manpage too?
And what about NIS+?
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz@nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
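
A check for the extra port that the quoted commit message describes, as an added example that is not part of the original message or of rpcbind: it parses `ss -H -ulnp` output and lists the UDP ports held by rpcbind other than 111. The sample output, including port 838, is constructed; on a real host run `ss` as root so the process column is populated.

```python
import re

RPCBIND_PORT = 111  # well-known rpcbind/portmapper port

# Constructed sample of `ss -H -ulnp` output (not captured from a real host).
SAMPLE_SS = '''\
UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=812,fd=5),("systemd",pid=1,fd=40))
UNCONN 0 0 0.0.0.0:838 0.0.0.0:* users:(("rpcbind",pid=812,fd=7))
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=640,fd=12))
UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=812,fd=8))
UNCONN 0 0 [::]:838 [::]:* users:(("rpcbind",pid=812,fd=9))
'''


def extra_rpcbind_udp_ports(ss_output, daemon="rpcbind"):
    """Return the sorted UDP ports held by `daemon` other than 111."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if fields and fields[0] == "udp":  # Netid column appears in mixed -tu queries
            fields = fields[1:]
        if len(fields) < 6:  # no process column (ss was not run as root)
            continue
        # Process column looks like users:(("name",pid=N,fd=M),...)
        owners = re.findall(r'\("([^"]+)",pid=\d+', " ".join(fields[5:]))
        if daemon not in owners:
            continue
        port = fields[3].rsplit(":", 1)[-1]  # 0.0.0.0:838, [::]:838, *:838
        if port.isdigit() and int(port) != RPCBIND_PORT:
            ports.add(int(port))
    return sorted(ports)


def report(ss_output):
    """Return one finding per extra port, flagging privileged (<1024) ones."""
    return [
        f"rpcbind holds extra UDP port {p}" + (" (privileged)" if p < 1024 else "")
        for p in extra_rpcbind_udp_ports(ss_output)
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SS)) or "no extra rpcbind UDP ports")
```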
Thread overview: 14+ messages
2024-02-25 23:53 [PATCH 0/4 rpcbind] Supprt abstract addresses and disable broadcast NeilBrown
2024-02-25 23:53 ` [PATCH 1/4] manpage: describe use of extra port for broadcast rpc NeilBrown
2024-02-25 23:53 ` [PATCH 2/4] rpcbind: allow broadcast RPC to be disabled NeilBrown
2024-03-04 18:32 ` Petr Vorel
2024-03-04 18:42 ` Roland Mainz [this message]
2024-02-25 23:53 ` [PATCH 3/4] Listen on an AF_UNIX abstract address if supported NeilBrown
2024-03-04 18:42 ` Petr Vorel
2024-02-25 23:53 ` [PATCH 4/4] rpcinfo: try connecting using abstract address NeilBrown
2024-03-04 18:58 ` Petr Vorel
2024-03-04 16:51 ` [PATCH 0/4 rpcbind] Supprt abstract addresses and disable broadcast Steve Dickson
2024-03-04 18:29 ` Petr Vorel
2024-03-04 20:32 ` Steve Dickson
2024-03-11 1:47 ` NeilBrown
2024-03-18 20:35 ` Steve Dickson