On 01-01-04 Anthony Towns wrote:
> On Thu, Jan 04, 2001 at 01:09:34PM +0100, Christian Kurz wrote:
> > > don't be so sure, i recently saw someone on -devel get yelled at for
> > > saying portmap is not secure.
> > Well, I would suggest, that those people who yell me for this, either do
> > a audit of portmap and present it on -devel or shut up.
> Oh, and for reference, portmap hasn't has a security update forever
> while I've been maintaining it. Heck, there don't seem to have been any
> changes to portmap since 1997. But hey, feel free to make the traditional
> baseless accusations of insecurity, whatever.
Oh, are you sure that you are not forgetting those nfs and rpc-bugs that
are all only possible due to some running portmap? Also I remember a bug
in portmap that has been found 1998. And I'm still not convinced that
portmap is secure until it has been fully audited.
Ciao
Christian
--
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
