Package: rpcbind Version: 0.2.0-8 Severity: normal Hi,
although /etc/init.d/rpcbind does parse /etc/default/rpcbind if it exists (and as a fallback also /etc/rpcbind.conf), no template for this config file exists, nor is its existance and location mentioned anywhere in the documentation - neither in the manpages nor in /usr/share/doc/portmap. This is annoying and will be even more so for new but security aware users, since various security resources recommended by the debian project point out that the rpc service should be restricted to localhost if only used by local applications such as the (standard) Gnome Desktop. New users can not be expected to look into and understand /etc/init.d/rpcbind to find out whether config files are parsed, Maybe the /etc/default/rpcbind config file could look something like this: <snip> # Default settings for rpcbind. This file is sourced by /bin/sh from # /etc/init.d/rpcbind # Cause rpcbind to do a "warm start" utilizing a state file (default) OPTIONS="-w " # Uncomment the following line to restrict rpcbind to localhost only for UDP requests #OPTIONS+="-h 127.0.0.1 " # Uncomment the following line to enable libwrap TCP-Wrapper connection logging #OPTIONS+="-l " </snip> As for the manpages; I would suggest adding an appropriate files section to rpcbind (8) as well as a short README.Debian or similar note in /usr/share/doc, which might also mention the use of /etc/hosts.allow and /etc/hosts.deny and/or iptables rules to further control rpc access (see http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec- services.en.html#s-rpc). Thanks for all your work! luka -- System Information: Debian Release: 7.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rpcbind depends on: ii initscripts 2.88dsf-41+deb7u1 ii insserv 1.14.0-5 ii libc6 2.13-38 ii libtirpc1 0.2.2-5 ii libwrap0 7.6.q-24 ii lsb-base 4.1+Debian8+deb7u1 rpcbind recommends no packages. rpcbind suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
