Suggestion for an altered portmap package

Troels Arvin troels at arvin.dk
Wed Aug 11 23:50:43 UTC 2004


Hello Fedora developers,

portmap has been useless on 95% of the servers I've installed, since those
servers didn't use NFS, NIS, etc. So removing portmap is one of the routine
post-installation tasks for me; I bet I'm not the only one. Hence, I
suggest that portmap _not_ be part of a "minimal install" installation.

Anyways:
On desktop systems, I can't get rid of portmap because fam needs it. And
I can't even stop portmap because a well-working fam is nice. As I don't
use NFS or NIS on my desktop, either, I've long wanted to be able to tell
portmap to bind to the loopback interface only, following a security
principle of making daemons listen to the fewest possible interfaces. There
doesn't seem to be a way to do that, so I've tried creating an altered
portmap package. I'm no great C coder, but it seems to work (even though
there could be some IPv6 issues?).

The altered source rpm package is available at
ftp://troels.arvin.dk/pub/fedora/src/portmap-4.0-60.arvin.src.rpm

Added/changed source package files (including a patch for portmap.c) are
available at http://troels.arvin.dk/portmap-rpm-changes/

The package makes portmap listen on 127.0.0.1 by default, in line with
recent distribution changes (like when sendmail (and X?) was set to listen
to the loopback interface only, by default).

Someone with C and/or IPv6 experience: Please review my small change to
portmap.c. If you find it OK, then please consider incorporating the
changes in Fedora, for security reasons.

-- 
Greetings from Troels Arvin, Copenhagen, Denmark
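
The loopback-only binding discussed in the message above, as an added example (not part of the original post and not the patch to portmap.c it links to): a UDP or TCP socket bound to 127.0.0.1 instead of INADDR_ANY, with a getsockname() check of the result. The helper names open_bound_socket and is_loopback_only are hypothetical; the code is IPv4 only, and a caller would pass port 0 (ephemeral) to try it without the root privileges that portmap's port 111 requires.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from portmap.c): create a socket of the given
 * type (SOCK_DGRAM or SOCK_STREAM) bound to bind_addr:port.
 * bind_addr == NULL means INADDR_ANY, i.e. every interface.
 * Returns the fd, or -1 on error (including an unparsable address). */
int open_bound_socket(int type, const char *bind_addr, unsigned short port)
{
    struct sockaddr_in sa;
    int fd, on = 1;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    /* Fail closed: a bad address must not silently fall back to ANY. */
    if (bind_addr && inet_pton(AF_INET, bind_addr, &sa.sin_addr) != 1)
        return -1;

    if ((fd = socket(AF_INET, type, 0)) < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        (type == SOCK_STREAM && listen(fd, 5) < 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 1 if fd is bound to 127.0.0.1, 0 if bound elsewhere, -1 on error. */
int is_loopback_only(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;

    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    return sa.sin_addr.s_addr == htonl(INADDR_LOOPBACK);
}
```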





