rpc.kstatd: Remote Kstat Access Service [PSARC/2008/502 FastTrack timeout 08/13/2008]
James Carlson
james.d.carlson at sun.com
Wed Aug 6 06:22:18 PDT 2008

Darren J Moffat writes:
> While the Secure By Default rules are applied because rpc.kstatd is off
> in the default install, I'm not convinced by the lack of any
> authentication, authorization, integrity protection or data
> confidentiality on the wire.

Indeed; and using SNMP instead would provide a ready solution for
those problems.

Even though unprivileged users can invoke the "kstat" command, they
still have to log into the system first to do that. Enabling this
service would remove even that barrier -- users could obtain this
information anonymously over the network using RPC -- so I'm not sure
that's a sufficient rationale for avoiding security mechanisms.

--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677