You are not logged in.
recently i added famd to my setup (xfce4/thunar know to update views with it). However, ports were opened which made me cautious - is it safe to use it?
>sudo netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:876 *:* LISTEN 22324/famd
tcp 0 0 *:sunrpc *:* LISTEN 22314/portmap
tcp 0 0 *:6000 *:* LISTEN 22409/X
tcp 0 0 *:ssh *:* LISTEN 10136/sshd
udp 108088 0 *:bootpc *:* 450/dhcpcd
udp 0 0 *:sunrpc *:* 22314/portmap
raw 0 0 *:icmp *:* 7 22371/vmnet-natd
Offline
In my view, it's safe but not secure.
It's not really dangerous but someone on your network can use this services to enumerate your system.
What is usually done is that tcpwrapper (using /etc/hosts.deny and hosts.allow), or your firewall rules use of this service.
The issue is that portmap isnt' linked with tcpwrapper. Maybe it's a bug, I'll check it.
Offline
You can stop famd from opening ports by changing "local_only" to be true in /etc/fam/fam.conf.
It's curious that portmap isn't linked with libwrap - the manpage is wrong.
Offline
What is usually done is that tcpwrapper (using /etc/hosts.deny and hosts.allow), or your firewall rules use of this service.
Why not all three options? On my server i have line for deny all in in hosts.deny and a deny rule in hosts.allow and a running firewall without opening the custom ports. It is only bad if you do nothing.-)
The issue is that portmap isnt' linked with tcpwrapper. Maybe it's a bug, I'll check it.
I see your report (http://bugs.archlinux.org/task/7096). The solution for it is easy and you can do this workaround until the package will be updated.
Offline