Great Circle Associates Firewalls
(February 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: NFS mounts
From: smb @ research . att . com
Date: Thu, 03 Feb 94 19:39:35 EST
To: Scott McClung <mcclung @ nawc690 . chinalake . navy . mil>
Cc: Firewalls @ GreatCircle . COM

	 If you change the 'wait' to 'nowait' in inetd.conf, won't the
	 service be invoked at every call to mountd?  I've always
	 assumed ( maybe incorrectly ) that mountd only used rpc/udp,
	 and didn't need a 'TCP' entry.  If I'm wrong, I'd appreciate
	 hearing about it...

I just did what I should have done in the first place, which was
to check the code.  (``Use the Source, Luke.'')  My suggestion about
using the wrapper doesn't work.  Yes, you can run mountd from inetd,
but it looks like it never exits once it's started.  However it's
started -- and if it's by inetd, then it has to be from a UDP packet --
the TCP connection is always created on some random port.  TCP
is used for showmount -- but mountd doesn't seem to care; that's
just what the clients do.

So -- to protect mound, assuming that it's running on an exposed machine,
use securelib.

Indexed By Date Previous: Packet filtering on the Bastion Host?
From: daves @ kgw2 . xetron . com (Dave Steele)
Next: Re: NFS mounts
From: kannan @ catarina . usc . edu
Indexed By Thread Previous: Re: NFS mounts
From: abeckett @ fmlrnd . co . uk
Next: re:ftpd & passwd files.
From: Ray Hunter ECD <RHUNTER%ESOC . BITNET @ vm . gmd . de>

Google
 
Search Internet Search www.greatcircle.com