On 12 August 2014 09:44, Li.Wang <li.w...@windriver.com> wrote: > Opening random ports in privileged port range, among them one port that > identifies itself as pop3s, is not a good practice. Both Ericsson and > our > customers run regular vulnerability assessment tools against our > product, > and this will clearly be seen as a potential problem. Furthermore, we > will > not be able to filter the ports, since they are random, and neither will > we > be able to provide decent answers to our customers. To summarize: this > should be taken care of, ie fix rpcbind so that it uses a non random > port > and/or to bind to a specific interface.
This has been bothering me so I just did some digging. rpcbind opening random ports is rather "misguided" but it appears that passing -s to rpcbind will cause it to drop it's privs and setuid down to "daemon", with the side-effect that it can't open the privileged ports anymore. (source: http://wiki.metawerx.net/wiki/setrpcrandomport) Ross -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
