Bug#457095: nfs-common: statd still cannot restrict its listening address
severity 457095 important tag 457095 +security thanks That still doesn't work for squeeze backports (1:1.2.5-4~bpo60+1). $ cat /etc/default/nfs-common|grep STATDOPTS STATDOPTS=--name 192.168.2.1 --port 60030 --outgoing-port 60031 # netstat -tulpn|grep statd tcp0 0 0.0.0.0:60030 0.0.0.0:* LISTEN 32233/rpc.statd udp0 0 127.0.0.1:609 0.0.0.0:* 32233/rpc.statd udp0 0 0.0.0.0:60030 0.0.0.0:* 32233/rpc.statd $ man rpc.statd ... -n, --name ipaddr | hostname Specifies the bind address used for RPC listener sockets. The ipaddr form can be expressed as either an IPv4 or an IPv6 presentation address. If this option is not specified, rpc.statd uses a wildcard address as the transport bind address. This string is also passed to the sm-notify command to be used as the source address from which to send reboot notification requests. See sm-notify(8) for details. ... -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121121160105.gb1...@darkstar.order.hcn-strela.ru
Bug#457095: nfs-common: statd still cannot restrict its listening address
Package: nfs-common Version: 1:1.2.2-4 Refreshing an old bug report: Binding the listening address still doesn't work, but now the manpage tells that it should work. Manpage rpc.statd(8) tells: -n, --name ipaddr | hostname Specifies the bind address used for RPC listener sockets. The ipaddr form can be expressed as either an IPv4 or an IPv6 pre- sentation address. If this option is not specified, rpc.statd uses a wildcard address as the transport bind address. This string is also passed to the sm-notify command to be used as the source address from which to send reboot notification requests. See sm-notify(8) for details. but for me it doesn't work: ~# netstat -anp|grep statd ~# ifconfig | grep 192.168.1.1 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 ~# /sbin/rpc.statd -n 192.168.1.1 ~# netstat -anp|grep statd tcp0 0 0.0.0.0:41191 0.0.0.0:* LISTEN 4456/rpc.statd udp0 0 0.0.0.0:816 0.0.0.0:* 4456/rpc.statd udp0 0 0.0.0.0:56320 0.0.0.0:* 4456/rpc.statd unix 2 [ ] DGRAM135644456/rpc.statd Sven -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/xfkr5asmp9q@uxkm53.drewag.de
