You are not logged in.

#1 2009-03-10 18:12:23

blackhole
Member
From: Karlsruhe, Germany
Registered: 2008-12-14
Posts: 148
Website

Portmap opened port 111: security risk?

Hi there,

I'v noticed that after installing Xfce that portmap is running as it seems to be a dependency for the fam daemon. Portmap opened 111 and some google results talk about port 111 being a security risk.
Does anybody know how risky that really is and if fam works without portmap running?

TIA,
Blackhole


Coming closer and closer to the ultimate goal: replacing boring old Windows XP desktop with shiny new Arch KDE 4 desktop. ^^
Already registered? Your vote counts!

Offline

#2 2009-03-10 21:05:48

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: Portmap opened port 111: security risk?

I believe portmap obeys tcp_wrappers policies, so if you have it denied in /etc/hosts.{allow,deny} you should be fine.
You could always firewall that port off as well.

as for fam, apparently it does require portmap, because the library uses rpc over localhost for message passing or something. I saw talk on a debian ML about auto-detecting socket names for localhost communication, but I dont know if anything ever happened with it. *shrug*

Maybe someone else knows more.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#3 2009-03-10 22:13:57

Wintervenom
Member
Registered: 2008-08-20
Posts: 1,011

Re: Portmap opened port 111: security risk?

You can always replace FAM with Gamin, which does not require portmap nor does it need to be run as a system daemon.

Last edited by Wintervenom (2009-03-10 22:15:09)

Offline

#4 2009-03-11 08:08:58

blackhole
Member
From: Karlsruhe, Germany
Registered: 2008-12-14
Posts: 148
Website

Re: Portmap opened port 111: security risk?

Wintervenom wrote:

You can always replace FAM with Gamin, which does not require portmap nor does it need to be run as a system daemon.

Thanks a lot mate! I didn't know that. How do I have to set up Gamin so that Xfce picks it up? Just install it via pacman or do I need any further configuration?


Coming closer and closer to the ultimate goal: replacing boring old Windows XP desktop with shiny new Arch KDE 4 desktop. ^^
Already registered? Your vote counts!

Offline

Board footer

Powered by FluxBB