[Beowulf] Remote procedure call (error)

Leif Nixon nixon at nsc.liu.se
Thu Jan 29 06:25:17 EST 2004


Alvin Oga <alvin at Mail.Linux-Consulting.com> writes:

> On Wed, 28 Jan 2004, Robert G. Brown wrote:
>
>> As a general rule, I'd consider the portmapper and rpc stuff to be a
>> moderate security risk; lilith lives inside firewalls only.  I have had
>> direct experience of systems cracked in the past through portmapper
>> bugs, which perhaps makes me a bit paranoid.
>
> did you run the secure versions of each ??
> 	secure rpc
> 	secure portmap
> 	secure nfs

Well, "secure" in that context means "encrypted". That might protect
your traffic against snoopers, but you're still as exposed to security
holes due to portmapper bugs.

I've seen too many RPC related buffer overrun holes in the past to
expose any RPC services to the Internet at large, whether "secure" or
not.

-- 
Leif Nixon                                    Systems expert
------------------------------------------------------------
National Supercomputer Centre           Linkoping University
------------------------------------------------------------
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list