From: rct@gherkin.sa.wlk.com (Bob_Tracy)
Date: Fri, 4 Feb 2000 16:32:20 -0600 (CST)
I guess that could be construed to be a security feature. However,
it is troubling that there now seems to be a dependency on RPC that
didn't exist prior to 2.3.41. Would someone "in the know" please
explain the thinking on this to me? If this matter isn't worth the
list's time, a private reply would be acceptable and very much
appreciated.
The RPC dependency on your system was always there, the behavior
of the older kernels just hid it from you.
Look, your system is trying to talk to the portmapped, almost
certainly to attempt NIS lookups. You don't have the portmapper
running and you probably don't use NIS at all right? Look into
/etc/nsswitch.conf, I it is configuring your system to attempt
to use NIS. Am I right?
The new behavior is staying, because the old behavior has very far
reaching negative effects. Here is one case which the old behavior
would allow to happen:
a) Program A does UDP request to an active port
on remote machine
b) Program A times out and goes away for whatever
reason
c) Program B starts and does UDP request to same
machine on same remote port, using same local
port
d) Remote machine finally responds to Program A's
request (either with an error or real response
from the server on that port)
e) Program B sees the response/error!
For high load systems doing DNS, this is deadly.
So fix the apps and configuration on your system people.
Later,
David S. Miller
davem@redhat.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Feb 07 2000 - 21:00:12 EST