This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Use reserved port only when required for NIS look-ups


On 08/12/2012 03:16 AM, Kalle Olavi Niemitalo wrote:

> That risk does not apply, because the proposed change does not affect the _destination_ port of the requests sent by the client. It makes the client send the requests from unprivileged _source_ ports unless the server is expected to restrict access by port.

I think that's a key point to remember. The unprivileged port is the client side source port. So from a security standpoint we're really just worried about information leakage. Spoofing and the like isn't an issue.

> Perhaps an existing configuration file could be used.
> In the client machines, there may already be a yp.conf file,
> used by the ypbind daemon, which tells other client processes how
> to contact the NIS server. Perhaps the list of secured maps could
> be added to yp.conf and then passed to the client processes via
> RPC, like the NIS server address.

Given that the secured maps are a function of the server, it makes sense to provide both the server name and list of secured maps in the same configuration file.

I think some sensible defaults would be good

Jeff
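
The client-side choice discussed in this message, next to the server-side check it has to satisfy, as an added example that is not code from this thread or from glibc. The `secured_maps` list, the map names in it and all function names are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE              /* exposes bindresvport() in glibc */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed list of maps the server is assumed to restrict by port. */
static const char *const secured_maps[] = { "shadow.byname", "passwd.adjunct.byname", NULL };

int map_is_secured(const char *map)
{
    for (size_t i = 0; secured_maps[i] != NULL; i++)
        if (strcmp(map, secured_maps[i]) == 0) return 1;
    return 0;
}

/* Server-side view: did the request come from a reserved source port? */
int source_port_is_reserved(const struct sockaddr_in *peer)
{
    return ntohs(peer->sin_port) < IPPORT_RESERVED;
}

/* Client side: open a UDP socket for a lookup in `map`, report its source port. */
int open_lookup_socket(const char *map, unsigned short *port)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };  /* port 0: system picks */
    socklen_t len = sizeof sin;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    int rc = map_is_secured(map)
        ? bindresvport(fd, &sin)     /* reserved source port, needs privilege */
        : bind(fd, (struct sockaddr *)&sin, sizeof sin);  /* unprivileged port */
    if (rc < 0 || getsockname(fd, (struct sockaddr *)&sin, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(sin.sin_port);
    return fd;
}

int main(void)
{
    unsigned short port;
    int fd = open_lookup_socket("hosts.byname", &port);
    if (fd >= 0) { printf("hosts.byname: source port %u\n", port); close(fd); }
    return 0;
}
```

Only lookups in a listed map consume a port below `IPPORT_RESERVED`; every other lookup leaves the reserved range free for services that need it.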

