Wind River Support Network

HomeDefectsLIN5-19244
Fixed

LIN5-19244 : wrlinux 5 rpcbind not running as non-privileged user

Created: Aug 14, 2014    Updated: Dec 19, 2017
Resolved Date: Aug 14, 2014
Found In Version: 5.0.1.17
Fix Version: 5.0.1.18
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

in wrlinux 5, rpcbind is running as root: root:root
this could be considered as a vulnerability.
in wrlinux 3, portmap was running as rpc:rpc

Steps to Reproduce

configure a project with:
--enable-board=qemux86-64 --enable-build=production --enable-kernel=cgl --enable-rootfs=glibc_cgl --enable-ccache=no --enable-jobs=24 --enable-parallel-pkgbuilds=24 --enable-reconfig --enable-rm-work=no --with-template=feature/openssl101e --enable-doc-pages=target --with-rcpl-version=0017

build & deploy

    console output:
      root@qemu0:~# ps -eo user,group,comm | grep rpc
      root     root     rpciod
      root     root     rpcbind
      rpcuser  root     rpc.statd
      root     root     rpc.idmapd

Other Downloads


Live chat
Online