Red Hat Bugzilla – Bug 66228
Portmap ignores tcp_wrapper netgroups
Last modified: 2007-04-18 12:43:00 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.0.0; Linux)
Description of problem:
Specifying netgroup for access control in tcp_wrappers fails for the portmap: entry. Other keys such as hostnames and ALL work fine, but @netgroups are ignored and refused. (since sshd: and rpc.mountd: parse netgroups correctly I presume this is a portmap problem and not a tcp_wrappers problem)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Specify in hosts.allow a portmap: entry that uses @netgroup for access control.
2. Try to connect from a valid machine in the netgroup.
3. Machine is refused connection only for portmap, other services using the exact same syntax (sshd: for example) work fine.
Actual Results: portmap says connect from [host ip] to getport (nfs): request from unauthorized host.
Expected Results: No error should have been created and host should have gained access.
From the README included in the package:
In order to avoid deadlocks, the portmap program does not attempt to
look up the remote host name or user name, nor will it try to match NIS
netgroups. The upshot of all this is that only network number patterns
will work for portmap access control.
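
Added example (not part of the bug thread or the portmap package): a small check that follows the README text above and lists client patterns in hosts.allow that portmap will not match. The function names, the sample file, the IPv4-only pattern forms and the choice to treat ALL as usable (per the report) are assumptions of this sketch.

```python
import re

# IPv4 "network number" forms: full address, dotted prefix ("192.168.1."),
# or net/mask ("192.168.1.0/255.255.255.0"). IPv4 only (assumption).
_ADDR = r"(?:\d{1,3}\.){3}\d{1,3}"
_NUMERIC = re.compile(r"(?:\d{1,3}\.){1,3}|" + _ADDR + r"(?:/" + _ADDR + r")?")
_KEYWORDS = {"ALL", "EXCEPT"}  # assumption: not flagged; the report says ALL works

# Constructed hosts.allow content for illustration.
SAMPLE = """\
# constructed hosts.allow for illustration
sshd: @admins
portmap: @nfsclients
portmap: 192.168.1.0/255.255.255.0, 10.0.0.
portmap: fileserver.example.com \\
         192.168.2.5
ALL: @trusted
"""

def logical_lines(text):
    """Yield (first_lineno, rule); comments dropped, backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        buf += raw
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None

def unusable_for_portmap(text):
    """Return (lineno, pattern) for rules covering portmap whose client pattern is not numeric."""
    findings = []
    for lineno, rule in logical_lines(text):
        parts = rule.split(":")
        if len(parts) < 2:
            continue
        daemons = re.split(r"[\s,]+", parts[0].strip())
        # A rule for ALL daemons also applies to portmap.
        if "portmap" not in daemons and "ALL" not in daemons:
            continue
        for pat in re.split(r"[\s,]+", parts[1].strip()):
            if pat and pat not in _KEYWORDS and not _NUMERIC.fullmatch(pat):
                findings.append((lineno, pat))
    return findings
```

Calling `unusable_for_portmap(SAMPLE)` reports the netgroup and hostname entries while leaving the `sshd:` rule alone, since other daemons resolve those patterns normally.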