https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=117711
[email protected] changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #10 from [email protected] --- Hi, I've just run into this issue under FreeBSD 10 - rpcbind '-h' provides a false sense of security, as by default although some of the ports it sets up do indeed bind to the requested IP - there's one or more random ports opened on UDP - that ignore the '-h' IP address, and are open to the world. Is anyone able to look at this - this PR seems pretty ancient (filed in 2007, and the issue still kicking along in 2014? - 7 years?). As the ports opened are random they are also hard to protect with ipfw - so all in all, it's a bit of a PITA :( At the very least can someone flick it from 'Normal Affects Only Me' to 'Affects a Few people'? -Karl -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
