Marco d''Itri
2009-Jun-04 01:11 UTC
[Secure-testing-team] Bug#531785: tcp-wrappers support not working
Package: nfs-kernel-server Version: 1:1.1.6-1 Severity: important Tags: security How to reproduce: echo "mountd statd portmap lockd: ALL" >> /etc/hosts.deny # the second line is acually not needed, but shows that the problem is # not a wrong service name echo "32767: ALL" >> /etc/hosts.deny telnet servername 32767 The connection is accepted without being immediately closed and no error is logged to daemon.*. strace shows that the /etc/hosts.* files are not opened and that any input provided to the telnet process is received by the daemon. It would also be a good idea to add support to the daemon to bind to localhost, portmap style, since this is enough for NFSv4. -- ciao, Marco -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090604/688b85a8/attachment.pgp>