Your message dated Sat, 27 Jul 2019 22:21:29 +0000
with message-id <[email protected]>
and subject line Bug#737276: fixed in rpcbind 1.2.5-4
has caused the Debian Bug report #737276,
regarding rpcbind config file /etc/default/rpcbind not mentioned anywhere in
manpages/package documentation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
737276: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737276
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rpcbind
Version: 0.2.0-8
Severity: normal
Hi,
although /etc/init.d/rpcbind does parse /etc/default/rpcbind if it exists (and
as a fallback also /etc/rpcbind.conf), no template for this config file exists,
nor is its existance and location mentioned anywhere in the documentation -
neither in the manpages nor in /usr/share/doc/portmap.
This is annoying and will be even more so for new but security aware users,
since various security resources recommended by the debian project point out
that the rpc service should be restricted to localhost if only used by local
applications such as the (standard) Gnome Desktop. New users can not be
expected to look into and understand /etc/init.d/rpcbind to find out whether
config files are parsed,
Maybe the /etc/default/rpcbind config file could look something like this:
<snip>
# Default settings for rpcbind. This file is sourced by /bin/sh from
# /etc/init.d/rpcbind
# Cause rpcbind to do a "warm start" utilizing a state file (default)
OPTIONS="-w "
# Uncomment the following line to restrict rpcbind to localhost only for UDP
requests
#OPTIONS+="-h 127.0.0.1 "
# Uncomment the following line to enable libwrap TCP-Wrapper connection logging
#OPTIONS+="-l "
</snip>
As for the manpages; I would suggest adding an appropriate files section to
rpcbind (8) as well as a short README.Debian or similar note in /usr/share/doc,
which might also mention the use of /etc/hosts.allow and /etc/hosts.deny and/or
iptables rules to further control rpc access (see
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-
services.en.html#s-rpc).
Thanks for all your work!
luka
-- System Information:
Debian Release: 7.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages rpcbind depends on:
ii initscripts 2.88dsf-41+deb7u1
ii insserv 1.14.0-5
ii libc6 2.13-38
ii libtirpc1 0.2.2-5
ii libwrap0 7.6.q-24
ii lsb-base 4.1+Debian8+deb7u1
rpcbind recommends no packages.
rpcbind suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: rpcbind
Source-Version: 1.2.5-4
We believe that the bug you reported is fixed in the latest version of
rpcbind, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Josue Ortega <[email protected]> (supplier of updated rpcbind package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 27 Jul 2019 15:12:58 -0300
Source: rpcbind
Architecture: source
Version: 1.2.5-4
Distribution: unstable
Urgency: medium
Maintainer: Josue Ortega <[email protected]>
Changed-By: Josue Ortega <[email protected]>
Closes: 737276 804670
Changes:
rpcbind (1.2.5-4) unstable; urgency=medium
.
* debian/init.d: Add retry at stop function to avoid racy restart
(Closes: #804670)
* Add debian/rpcbind.default file. (Closes: #737276)
* Refresh debian/patches.
* Bump Standards-Version to 4.4.0. No changes required
Checksums-Sha1:
95acb6a48d5107c5544b7961d236656686a90ebb 1923 rpcbind_1.2.5-4.dsc
4e4b2ed83281fd2a74da16c6eae2872a7e4ac254 10892 rpcbind_1.2.5-4.debian.tar.xz
129e19e0f86ef696d62e663f82719caa805a315d 6207 rpcbind_1.2.5-4_amd64.buildinfo
Checksums-Sha256:
d805ccb59c33309e04f536ab7234213b480ba1858c7f0dabcc967085d1a2ead9 1923
rpcbind_1.2.5-4.dsc
6ed79887e804b3d623aee922c075435badf33357e371e85dabdd2606a4011931 10892
rpcbind_1.2.5-4.debian.tar.xz
957a6c4812cbee0d144d26dfcf1a99f581e6bb440beff94c2bcf0104047bf474 6207
rpcbind_1.2.5-4_amd64.buildinfo
Files:
61706ddc024a40f8861935e14d282451 1923 net optional rpcbind_1.2.5-4.dsc
2535c42628fe31032a6e4b6a630d0816 10892 net optional
rpcbind_1.2.5-4.debian.tar.xz
ad5e378d30b4946358f4c45f7f888ce4 6207 net optional
rpcbind_1.2.5-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEEdzOzKNJ5X1viMlrdAVCdXKtK/T8FAl08yzQRHGpvc3VlQGRl
Ymlhbi5vcmcACgkQAVCdXKtK/T/dbg/+PfLv4otE/QN+17OMoZd6tkc4pa4HqCvU
EIwj/aLmrlVRMNGSZc0L9m3TEJ3QQ19djdZW2JY9c/se3rbb1jzEQwFwfegLzYXD
DYBWoMHmI1R8jsq5NyAXm5jriHl9vwKKpK6458imxA1Kpw8B1xAfuDkF6uY2eyUS
X16j4qw5VSL5s/ejzr9JTLu0YRVs135Ibb0lTD/qnRe0OhCk2uxT5B9BvZ+nD8qz
+wavxCl/5+PdwEgSMkmhM1ULSBYVErcPP9WRVs1kjsl5HR48F3OZRDp9re1KCz2D
TpbZFwjRfnNXUs564EP/C85eO4Gd/Kn0AYDSGhraFJ6PjmOtvCWLi9KowbeSD18t
pbBnEPVIOVwILQnXoBu2jiNL5PuRp2lub3kEMNFgwcF6P9sHgKWW2xkhgLuwqdXm
Qxi64dwXLziqVfkawE70BGjYz1hF5Y9R2Tj0ePYzNh5jVBO3WXO1QRSlNNeiK+4k
RJzwq56+0m0Y9KI6Cg0QW7IbhWifkVQ6ql8i+GlFt7S2TG+vKTfHt/LMAJk4YX9z
6vhRHz/QmiWlGl3TmnqehyLfl3R4D3Sn9htCWIvwRU3q0dxxYkI1ofqV18i+lCZd
Q79lLc7Ch/qyFDV4mSVM0ZeGSpV0jR11enpgU77GRT3FRxXtafmiwn2UNmCCrk/p
1BT7nm0awMo=
=6gGn
-----END PGP SIGNATURE-----
--- End Message ---
