Gustavo Rios <rios.gust...@gmail.com> wrote: > Hi folks! > > How does openbsd rpcbind prevent ordinary users to unset a given rpc port > mapping registered by, for instance, the root user ?
Poorly. It will only allow local root (who request upon a reserved port) to touch ports which are reserved (< 1024), and 2049 is treated the same way. If root wants safe RPC, it needs to use reserved ports. Please don't bring up the argument that reserved ports are an outdated concept, it is obvious right here they aren't. It is difficult to improve the RPC ecosystem, it kind of is what it is, and noone new services use it.
