README for rpcbind 2.1 on Fri Apr 10 15:54:26 EDT 1998
Description
-----------
This is an rpcbind replacement with tcp wrapper style access control.
It provides a simple mechanism to discourage remote access to the NIS
(YP), NFS, and other rpc services.
This version is based on the freely-distributable tirpcsrc2.3 source
distribution, as offered for anonymous FTP from playground.sun.com.
According to the README:
TIRPCSRC 2.3 29 Aug 1994
This distribution contains SunSoft's implementation of
transport-independent RPC (TI-RPC), External Data Representation
(XDR), and various utilities and documentation. These libraries
and programs form the base of Open Network Computing (ONC), and are
derived directly from the Solaris 2.3 source.
This rpcbind release was tested by me on Solaris 2.4 and 2.6 for SPARC.
Features
--------
- host access control on IP addresses. The local host is considered
authorized. Host access control requires the libwrap.a library that
comes with recent tcp wrapper implementations.
- requests that are forwarded by the rpcbind process will be forwarded
through an unprivileged port.
- the rpcbind process refuses to forward requests to rpc daemons that
do (or should) verify the origin of the request: at present, the list
includes most of the calls to the NFS mountd/nfsd daemons and the NIS
daemons.
- the rpcbind process refuses REMOTE requests sent to high-numbered
UDP ports (instead of TCP or UDP ports 111). High-numbered ports
are opened by the rpcbind server as a side effect of other activity.
These ports could be abused to bypass packet filtering restrictions.
See the advisory (and addendum) on http://www.secnet.com/
Restrictions
------------
The host access control code looks at IP addresses only.
No protection against IP address spoofing attacks. Implementing
this protection turns out to be harder than with my version 5
portmapper replacement, and I will not work on this until I have
local access to the console of a Solaris machine. Proper router
hygiene can alleviate the IP address spoofing problem.
Limiting access to the rpcbind daemon does not protect you from direct
attacks on the rpc daemons themselves; the main task of rpcbind is to
maintain a table of available RPC services and of the network ports
that they are listening on.
On the other hand, even though rpcbind with access control only makes
an attack more difficult, it still provides an excellent early warning
system.
Installation
------------
(1) Follow the instructions in the Makefile, then build the rpcbind
executable.
(2) Terminate (kill -TERM) the running rpcbind process. With "kill
-TERM" the rpcbind daemon will save its state in files in /tmp.
If you kill the rpcbind process without saving its tables you will have
to reboot the machine.
(3) Start the new rpcbind program with the -w (warmstart) option. This
causes the program to initialize from the tables saved in step (2).
In order to revert to the original rpcbind daemon, kill off the running
one with "kill -TERM", and start the original one.
Suggested entries for the host access-control files are:
/etc/hosts.allow:
rpcbind: your.sub.net.number/your.sub.net.mask
rpcbind: 255.255.255.255 0.0.0.0
/etc/hosts.deny
rpcbind: ALL: (/some/where/safe_finger -l @%h | /bin/mail root) &
Safe_finger comes with later tcp/ip daemon wrapper releases. It gives
better protection than the standard finger command.
The syntax of the access-control files is described in the
hosts_access.5 manual page that comes with the tcp/ip daemon wrapper
(log_tcp) sources. The second line in the hosts.allow file may be
needed in case there are unconfigured systems on your network segment.
In order to avoid deadlocks, the rpcbind program does not attempt to
look up the remote host name, nor will it try to match NIS netgroups.
There is no need to specify the local system: since it runs the rpcbind
daemon, it is authorized by definition. The reason for permitting whole
networks in the hosts.allow file is that many systems produce broadcast
rpc requests when booting.
Testing:
--------
Normally, only rejected requests will be reported via the syslog
daemon. Logging is done in a child process, in order to avoid possible
deadlock in case the logging code needs assistance from the rpcbind
process.
By default, the rpcbind process will be utterly silent. In fact, the
rpcbind daemon is not consulted that often. Sending a SIGHUP signal to
the rpcbind process will enable the logging of all requests.
With verbose logging turned on, requests such as "showmount" or
"rpcinfo" should show up with log file entries such as:
MMM dd hh:mm:ss hostname rpcbind: connect from x.x.x.x to getport(mountd)
MMM dd hh:mm:ss hostname rpcbind: connect from y.y.y.y to dump()
MMM dd hh:mm:ss hostname rpcbind: connect from loopback(xxxx) to unset()
In case of IP clients, the source IP address is logged; otherwise, the
transport name and universal address are logged as transport(address).
Send another SIGHUP to the rpcbind process to turn the verbose logging off.
Acknowledgements:
-----------------
Thanks to Robert Montjoy for helping with the port of my tirpcsrc1.0
patches to the tirpcsrc2.0 environment.
Wietse Venema (wietse@wzv.win.tue.nl)
Mathematics and Computing
Science Eindhoven University of Technology
The Netherlands
A much more important factor in the social movement than those already mentioned was the ever-increasing influence of women. This probably stood at the lowest point to which it has ever fallen, during the classic age of Greek life and thought. In the history of Thucydides, so far as it forms a connected series of events, four times only during a period of nearly seventy years does a woman cross the scene. In each instance her apparition only lasts for a moment. In three of the four instances she is a queen or a princess, and belongs either to the half-barbarous kingdoms of northern Hellas or to wholly barbarous Thrace. In the one remaining instance208— that of the woman who helps some of the trapped Thebans to make their escape from Plataea—while her deed of mercy will live for ever, her name is for ever lost.319 But no sooner did philosophy abandon physics for ethics and religion than the importance of those subjects to women was perceived, first by Socrates, and after him by Xenophon and Plato. Women are said to have attended Plato’s lectures disguised as men. Women formed part of the circle which gathered round Epicurus in his suburban retreat. Others aspired not only to learn but to teach. Arêtê, the daughter of Aristippus, handed on the Cyrenaic doctrine to her son, the younger Aristippus. Hipparchia, the wife of Crates the Cynic, earned a place among the representatives of his school. But all these were exceptions; some of them belonged to the class of Hetaerae; and philosophy, although it might address itself to them, remained unaffected by their influence. The case was widely different in Rome, where women were far more highly honoured than in Greece;320 and even if the prominent part assigned to them in the legendary history of the city be a proof, among others, of its untrustworthiness, still that such stories should be thought worth inventing and preserving is an indirect proof of the extent to which feminine influence prevailed. With the loss of political liberty, their importance, as always happens at such a conjuncture, was considerably increased. Under a personal government there is far more scope for intrigue than where law is king; and as intriguers women are at least the209 equals of men. Moreover, they profited fully by the levelling tendencies of the age. One great service of the imperial jurisconsults was to remove some of the disabilities under which women formerly suffered. According to the old law, they were placed under male guardianship through their whole life, but this restraint was first reduced to a legal fiction by compelling the guardian to do what they wished, and at last it was entirely abolished. Their powers both of inheritance and bequest were extended; they frequently possessed immense wealth; and their wealth was sometimes expended for purposes of public munificence. Their social freedom seems to have been unlimited, and they formed combinations among themselves which probably served to increase their general influence.321 The old religions of Greece and Italy were essentially oracular. While inculcating the existence of supernatural beings, and prescribing the modes according to which such beings were to be worshipped, they paid most attention to the interpretation of the signs by which either future events in general, or the consequences of particular actions, were supposed to be divinely revealed. Of these intimations, some were given to the whole world, so that he who ran might read, others were reserved for certain favoured localities, and only communicated through the appointed ministers of the god. The Delphic oracle in particular enjoyed an enormous reputation both among Greeks and barbarians for guidance afforded under the latter conditions; and during a considerable period it may even be said to have directed the course of Hellenic civilisation. It was also under this form that supernatural religion suffered most injury from the great intellectual movement which followed the Persian wars. Men who had learned to study the constant sequences of Nature for themselves, and to shape their conduct according to fixed principles of prudence or of justice, either thought it irreverent to trouble the god about questions on which they were competent to form an opinion for themselves, or did not choose to place a well-considered scheme at the mercy of his possibly interested responses. That such a revolution occurred about the middle of the fifth century B.C., seems proved by the great change of tone in reference to this subject which one perceives on passing from Aeschylus to Sophocles. That anyone should question the veracity of an oracle is a supposition which never crosses the mind of the elder dramatist. A knowledge of augury counts among the greatest benefits222 conferred by Prometheus on mankind, and the Titan brings Zeus himself to terms by his acquaintance with the secrets of destiny. Sophocles, on the other hand, evidently has to deal with a sceptical generation, despising prophecies and needing to be warned of the fearful consequences brought about by neglecting their injunctions. The stranger had a pleasant, round face, with eyes that twinkled in spite of the creases around them that showed worry. No wonder he was worried, Sandy thought: having deserted the craft they had foiled in its attempt to get the gems, the man had returned from some short foray to discover his craft replaced by another. “Thanks,” Dick retorted, without smiling. When they reached him, in the dying glow of the flashlight Dick trained on a body lying in a heap, they identified the man who had been warned by his gypsy fortune teller to “look out for a hidden enemy.” He was lying at full length in the mould and leaves. "But that is sport," she answered carelessly. On the retirement of Townshend, Walpole reigned supreme and without a rival in the Cabinet. Henry Pelham was made Secretary at War; Compton Earl of Wilmington Privy Seal. He left foreign affairs chiefly to Stanhope, now Lord Harrington, and to the Duke of Newcastle, impressing on them by all means to avoid quarrels with foreign Powers, and maintain the blessings of peace. With all the faults of Walpole, this was the praise of his political system, which system, on the meeting of Parliament in the spring of 1731, was violently attacked by Wyndham and Pulteney, on the plea that we were making ruinous treaties, and sacrificing British interests, in order to benefit Hanover, the eternal millstone round the neck of England. Pulteney and Bolingbroke carried the same attack into the pages of The Craftsman, but they failed to move Walpole, or to shake his power. The English Government, instead of treating Wilkes with a dignified indifference, was weak enough to show how deeply it was touched by him, dismissed him from his commission of Colonel of the Buckinghamshire Militia, and treated Lord Temple as an abettor of his, by depriving him of the Lord-Lieutenancy of the same county, and striking his name from the list of Privy Councillors, giving the Lord-Lieutenancy to Dashwood, now Lord Le Despencer. "I tell you what I'll do," said the Deacon, after a little consideration. "I feel as if both Si and you kin stand a little more'n you had yesterday. I'll cook two to-day. We'll send a big cupful over to Capt. McGillicuddy. That'll leave us two for to-morrer. After that we'll have to trust to Providence." "Indeed you won't," said the Surgeon decisively. "You'll go straight home, and stay there until you are well. You won't be fit for duty for at least a month yet, if then. If you went out into camp now you would have a relapse, and be dead inside of a week. The country between here and Chattanooga is dotted with the graves of men who have been sent back to the front too soon." "Adone do wud that—though you sound more as if you wur in a black temper wud me than as if you pitied me." "Wot about this gal he's married?" "Don't come any further." "Davy, it 'ud be cruel of us to go and leave him." "Insolent priest!" interrupted De Boteler, "do you dare to justify what you have done? Now, by my faith, if you had with proper humility acknowledged your fault and sued for pardon—pardon you should have had. But now, you leave this castle instantly. I will teach you that De Boteler will yet be master of his own house, and his own vassals. And here I swear (and the baron of Sudley uttered an imprecation) that, for your meddling knavery, no priest or monk shall ever again abide here. If the varlets want to shrieve, they can go to the Abbey; and if they want to hear mass, a priest can come from Winchcombe. But never shall another of your meddling fraternity abide at Sudley while Roland de Boteler is its lord." "My lord," said Edith, in her defence, "this woman has sworn falsely. The medicine I gave was a sovereign remedy, if given as I ordered. Ten drops would have saved the child's life; but the contents of the phial destroyed it. The words I uttered were prayers for the life of the child. My children, and all who know me, can bear witness that I have a custom of asking His blessing upon all I take in hand. I raised my eyes towards heaven, and muttered words; but, my lord, they were words of prayer—and I looked up as I prayed, to the footstool of the Lord. But it is in vain to contend: the malice of the wicked will triumph, and Edith Holgrave, who even in thought never harmed one of God's creatures, must be sacrificed to cover the guilt, or hide the thoughtlessness of another." "Aye, Sir Treasurer, thou hast reason to sink thy head! Thy odious poll-tax has mingled vengeance—nay, blood—with the cry of the bond." HoME古一级毛片免费观看
ENTER NUMBET 0017
www.xite5.com.cn
daxu3.com.cn
zhuanyila.com.cn
pohuaiba.com.cn
www.cita2.com.cn
www.baiqu2.com.cn
50173.com.cn
www.gaoqu4.com.cn
qinzi3.com.cn
999otc.org.cn