5.284. rpcbind
Enhanced rpcbind packages that add one enhancement are now available for Red Hat Enterprise Linux 6.
The rpcbind utility maps RPC (Remote Procedure Call) services to the ports on which the services listen and allows the host to make RPC calls to the RPC server.
Enhancement
- BZ#726954
- The rpcbind tool did not drop supplementary groups and the groups remained available after rpcbind downgraded from root-group privileges. As a security hardening measure, rpcbind now drops root privileges correctly, running as a non-root user after it has bound to its privileged network port.
Users of rpcbind are advised to upgrade to these enhanced packages, which add this enhancement.
5.284.2. RHBA-2013:1453 — rpcbind bug fix
Updated rpcbind packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The rpcbind utility maps RPC (Remote Procedure Call) services to the ports on which the services listen and allows the host to make RPC calls to the RPC server.
Bug Fix
- BZ#858573
- Previously, in the insecure mode, which enables non-root users to set or unset ports, a privileged port was required. As only root users can obtain a privileged port, non-root users could not set or unset ports. To fix this bug, the privileged port has been removed, and thus non-root users are now allowed to set or unset ports on the loopback interface.
All users of rpcbind are advised to upgrade to these updated packages, which fix this bug.