New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ypbind connections from privileged ports #1

Closed
sebastianst opened this Issue May 7, 2018 · 6 comments

Comments

Projects
None yet
2 participants
@sebastianst

sebastianst commented May 7, 2018

I recently upgraded some boxes from version 1.38 to 2.4 and the NIS server (ypserv 2.19, which cannot be upgraded at the moment) doesn't serve shadow content anymore because it is configured to port security. I see the following errors in the server's log:

ypserv[3142]: refused connect from <ypbind client ip>:56878 to procedure ypproc_match (<domain>,shadow.byname;-1)

I cannot find any option in version 2.4 to let it initiate requests to the server from privileged port. Would it be possible to add such a feature?

@thkukuk

This comment has been minimized.

Show comment
Hide comment
@thkukuk

thkukuk May 8, 2018

Owner

That's sounds more like you did also update libtirpc to the latest version 1.0.3?

And no, with the RPC interface it is not possible to specify a port from which requests are initiated, only the port on which a program is listening.

Owner

thkukuk commented May 8, 2018

That's sounds more like you did also update libtirpc to the latest version 1.0.3?

And no, with the RPC interface it is not possible to specify a port from which requests are initiated, only the port on which a program is listening.

@sebastianst

This comment has been minimized.

Show comment
Hide comment
@sebastianst

sebastianst May 8, 2018

I did indeed update libtirpc form 1.0.2 to 1.0.3, but back at the end of March already. NIS was still working for a good 6 weeks since then. Only after I upgraded ypbind-mt to 2.4 (and yp-tools from 2.14 to 4.2.3), did this problem occur.

sebastianst commented May 8, 2018

I did indeed update libtirpc form 1.0.2 to 1.0.3, but back at the end of March already. NIS was still working for a good 6 weeks since then. Only after I upgraded ypbind-mt to 2.4 (and yp-tools from 2.14 to 4.2.3), did this problem occur.

@thkukuk

This comment has been minimized.

Show comment
Hide comment
@thkukuk

thkukuk May 8, 2018

Owner

I doubt that 2.14 was using libtirpc, but anyways, libtirpc 1.0.3 is terrible broken and should currently not be used and is the root cause for this problem.

Owner

thkukuk commented May 8, 2018

I doubt that 2.14 was using libtirpc, but anyways, libtirpc 1.0.3 is terrible broken and should currently not be used and is the root cause for this problem.

@sebastianst

This comment has been minimized.

Show comment
Hide comment
@sebastianst

sebastianst May 8, 2018

I never said that the old ypbind/tools used libtirpc, just that I had it already installed on my pc and that it got updated at the end or March ;)
So you suggest downgrading libtirpc to 1.0.2?

sebastianst commented May 8, 2018

I never said that the old ypbind/tools used libtirpc, just that I had it already installed on my pc and that it got updated at the end or March ;)
So you suggest downgrading libtirpc to 1.0.2?

@thkukuk

This comment has been minimized.

Show comment
Hide comment
@thkukuk

thkukuk May 8, 2018

Owner

In every case

Owner

thkukuk commented May 8, 2018

In every case

@sebastianst

This comment has been minimized.

Show comment
Hide comment
@sebastianst

sebastianst May 8, 2018

Wow, that did fix the problem. Thank you! I reported on the Arch bug tracker that 1.0.3 is causing such issues.

sebastianst commented May 8, 2018

Wow, that did fix the problem. Thank you! I reported on the Arch bug tracker that 1.0.3 is causing such issues.

@sebastianst sebastianst closed this May 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment