Mailing Lists: Apple Mailing Lists


Re: another netinfo security question



Thanks ... this was exactly the information I was looking for ... I should
have specified what I was looking for a little more clearly: a solution
for a Darwin OS/X standalone computer where I can kill all listeners, or
at least restrict all listeners to loopback.

This pre-emptively kills the possibility of any remote exploits and for
this reason, such a standalone solution should likely be the default
configuration unless it truly breaks stuff. This would save Darwin and OS
X end users from security holes and from patching anytime an overrun or
the like is discovered in the future.

I know NetInfo is not as horrible a protocol as NetBIOS (to cite a
particularly horrid example), but one just needs to look at that community
to see what default activation of services has done for the security
posture of Windows, for instance. It is also just one (very good) reason
classic Mac OS has had next to nothing in the way of remote security holes
... it never had any listeners enabled by default.

Thanks ... I appreciate all the information, and I hate to ask, but do you
know the answer to my previous question to the list re: where I can find
sources for the 1.3.7 kernel? I'm working on some kernel diffs, but don't
want to downgrade my kernel to install and test them.

Thanks again ...

__________________________________________________________________

Peter Bartoli
Technical Director, Security Analysis Division
SAIC Secure Business Solutions Group
10260 Campus Point Drive, Mailstop B1E, San Diego, CA 92121
__________________________________________________________________

On Mon, 23 Jul 2001, Marc Majka wrote:
> We've recently modified the startup scripts, nibindd, and netinfod to
> act a bit differently if the system only has a "local" domain, and if
> access to the local domain is not allowed to network hosts. In that
> case, we don't start nibindd, and netinfod runs in a "stand-alone"
> mode - it doesn't register its ports with nibindd. It also binds its
> ports only on the loopback address, so that clients must connect using
> the loopback address. The local domain uses a fixed port number (1033)
> so that clients don't need the services of nibindd to contact the local
> domain.
>
> The Portmap startup script avoids starting portmap (port 111) if there
> was nothing "exported" from the system. Specifically, we check if there
> are any NFS exports, if network access is allowed to the local domain,
> or if any other NetInfo domains are served by the system. If there
> are no NFS exports, and there is only a local domain which doesn't allow
> external connections (set via the "trusted_networks" property in the
> root directory), then we don't start portmap. The startup scripts can
> be controlled using the NETINFOSERVER and RPCSERVER variables in
> /etc/hostconfig. See the scripts for how these are used.
>
> ...
>
> All this means that a regular "desktop" system will not run portmap and
> nibindd, and the ports for the local domain are only accessible from the
> loopback interface.
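An added check for the stand-alone configuration Marc describes, written for this page and not taken from Apple's startup scripts: a small POSIX shell function that reads `netstat -an` output in the BSD layout Darwin uses (address and port joined by a dot) and prints every listening socket that is not bound to loopback. The sample netstat output is constructed, the function names are my own, and the ports 1033 (local NetInfo domain) and 111 (portmap) are the ones named in the quoted message. On a real host it would be fed with `netstat -an | check_standalone`.

```shell
#!/bin/sh
# Added example: audit a Darwin/Mac OS X box for listeners reachable from the
# network. Not Apple's code; the sample below is constructed, not captured
# from a real host.

# Constructed `netstat -an` output, BSD layout: address and port are joined
# by a dot, TCP listeners carry a LISTEN state, UDP sockets carry no state.
# 127.0.0.1.1033 is the local NetInfo domain in stand-alone mode; *.111 is
# portmap bound to every interface, which the desktop configuration avoids.
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.1033         *.*                    LISTEN
tcp4       0      0  *.111                  *.*                    LISTEN
tcp4       0      0  192.168.1.5.22         *.*                    LISTEN
tcp4       0      0  192.168.1.5.49152      10.0.0.9.80            ESTABLISHED
udp4       0      0  127.0.0.1.1033         *.*
udp4       0      0  *.111                  *.*'

# exposed_listeners: read netstat output on stdin and print "proto host port"
# for every listening socket whose local address is not loopback.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }                # headers, unix-domain sockets
        $1 ~ /^tcp/ && $NF != "LISTEN" { next }   # connected TCP, not a listener
        {
            addr = $4                              # e.g. 127.0.0.1.1033 or *.111
            n = split(addr, part, ".")             # last dotted component is the port
            port = part[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host != "127.0.0.1" && host != "::1")
                print $1, host, port
        }'
}

# check_standalone: exit 0 only when nothing is exposed; otherwise list the
# offending sockets and exit 1, so the check can gate a script or cron job.
check_standalone() {
    found=$(exposed_listeners)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/exposed listener: /'
        return 1
    fi
    return 0
}

# Demo on the constructed sample. On a live system: netstat -an | check_standalone
printf '%s\n' "$SAMPLE_NETSTAT" | check_standalone ||
    echo "system is NOT stand-alone: restrict or stop the listeners above"
```

A wildcard host (`*`) means the daemon bound every interface; a specific non-loopback address means it bound one interface explicitly. Either way the socket is reachable from the network and is what the stand-alone configuration is meant to remove.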


References: 
 >Re: another netinfo security question (From: Marc Majka <email@hidden>)




Copyright © 2007 Apple Inc. All rights reserved.