Package: portmap Version: 5-15 Severity: wishlist When an RPC client uses PMAPPROC_CALLIT to do broadcast RPC calls (for example, via clnt_broadcast()) portmap proxies the request on to the actual service on the local system (assuming there is one). It does this by using clntudp_create() to create a UDP client pointing at 127.0.0.1 and then using that to call the relevant procedure on the local system. Unfortunately, this means that the service being called can't tell where the request originated and is therefore unable to do any address based access control on the request.
It would be helpful if portmap were to forward on requests using the IP address of the interface on which it received the request, allowing the service to factor in the source address when responding. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: powerpc (ppc) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-powerpc Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages portmap depends on: ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra portmap recommends no packages. -- debconf information: * portmap/config: * portmap/loopback: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
