Bug 66228 - Portmap ignores tcp_wrapper netgroups
Product: Red Hat Linux
Classification: Retired
Component: portmap
i686 Linux
medium Severity medium
Assigned To: Trond Eivind Glomsrød
Aaron Brown
Reported: 2002-06-06 11:54 EDT by Need Real Name
Modified: 2007-04-18 12:43 EDT (History)
Last Closed: 2002-06-06 11:54:18 EDT
Description Need Real Name 2002-06-06 11:54:12 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.0.0; Linux)

Description of problem:
Specifying netgroup for access control in tcp_wrappers fails for the portmap: entry. Other keys such as hostnames and ALL work fine, but @netgroups are ignored and refused. (since sshd: and rpc.mountd: parse netgroups correctly I presume this is a portmap problem and not a tcp_wrappers problem) 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Specify in hosts.allow a portmap: entry that uses @netgroup for access control.
2. Try to connect from a valid machine in the netgroup.
3. Machine is refused connection only for portmap, other services using the exact same syntax (sshd: for example) work fine.

Actual Results:  portmap says connect from [host ip] to getport (nfs): request from unauthorized host.

Expected Results:  No error should have been created and host should have gained access.

Additional info:
Comment 1 Trond Eivind Glomsrød 2002-07-03 18:10:06 EDT
From the README included in the package:

In order to avoid deadlocks, the portmap program does not attempt to
look up the remote host name or user name, nor will it try to match NIS
netgroups. The upshot of all this is that only network number patterns
will work for portmap access control.
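
A lint for the pitfall described in this bug, added here as an example and not part of the bug thread or the portmap package: it scans hosts.allow text and reports client patterns on rules covering portmap that are not network number patterns. The sample file, netgroup names and host names are constructed; accepting ALL/EXCEPT and checking IPv4 patterns only are assumptions.

```python
import re

# Constructed sample hosts.allow content (not taken from the bug report).
SAMPLE = """\
# constructed example
sshd: @admins
portmap: @nfsclients, 192.168.10.
portmap, rpc.mountd: 10.0.0.0/255.255.255.0 fileserver.example.com
rpc.mountd: @nfsclients
"""

# Network number patterns (IPv4): full address, prefix ending in ".", or net/mask.
NUMERIC = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?(/\d{1,3}(\.\d{1,3}){3})?$")
# Assumption: ALL and the EXCEPT operator need no name lookup, so they pass.
KEYWORDS = {"ALL", "EXCEPT"}

def logical_lines(text):
    """Yield (line_number, rule); comments dropped, '\\' continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def portmap_findings(text):
    """Return (line_number, pattern) for patterns portmap cannot match numerically."""
    findings = []
    for n, rule in logical_lines(text):
        fields = rule.split(":")
        if len(fields) < 2:
            continue
        daemons = set(re.split(r"[\s,]+", fields[0].strip()))
        # A rule whose daemon list is ALL also governs portmap.
        if not daemons & {"portmap", "ALL"}:
            continue
        for pat in re.split(r"[\s,]+", fields[1].strip()):
            if pat and pat not in KEYWORDS and not NUMERIC.match(pat):
                findings.append((n, pat))
    return findings

if __name__ == "__main__":
    for n, pat in portmap_findings(SAMPLE):
        print(f"line {n}: {pat!r} is not a network number pattern; portmap will not match it")
```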
