Package: nfs-common
Version: 1:2.8.3-1
Severity: grave

Dear mainteners,

In order to increase (a little !) security, and as defined into http://wiki.debian.org/SecuringNFS, it is a good practice to defined one
static port for nfs-stad daemon.

This feature is available in the man. Furthermore, it is implemented
into /etc/default/nfs-common into variable STATDOPTS.

But is seems that /etc/init/nfs-common script has forgotten to use this variable when launching daemon. As a result it is not possible to change
ANY option available for this daemon.


On debian bookwoorm, it works.
Find following diff bettween Bookworm and Trixie

diff /tmp/nfs-common-trixie /tmp/nfs-common-bookworm
22a23

RPCGSSDOPTS=

30c31
< [ -x /usr/sbin/rpc.statd ] || exit 0
---

[ -x /sbin/rpc.statd ] || exit 0

42c43
< while read -r DEV _ _ OPTS _
---

while read DEV MTPT FSTYPE OPTS REST

89c90
< if [ -x /sbin/modprobe ] && [ -f /proc/modules ]
---

if [ -x /sbin/modprobe -a -f /proc/modules ]

136c137
< --exec /usr/sbin/rpc.statd
---

--exec /sbin/rpc.statd -- $STATDOPTS

Best regards
--
-- Jean-Marc LACROIX () --
-- mailto : jeanmarc.lacroix@free.fr --

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Jean-Marc,

* Jean-Marc LACROIX <jeanmarc.lacroix@free.fr> [2025-07-27 23:43]:

In order to increase (a little !) security, and as defined into >http://wiki.debian.org/SecuringNFS, it is a good practice to defined
one static port for nfs-stad daemon.

This feature is available in the man. Furthermore, it is implemented
into /etc/default/nfs-common into variable STATDOPTS.

But is seems that /etc/init/nfs-common script has forgotten to use
this variable when launching daemon. As a result it is not possible to >change ANY option available for this daemon.

On debian bookwoorm, it works.
Find following diff bettween Bookworm and Trixie

diff /tmp/nfs-common-trixie /tmp/nfs-common-bookworm
22a23

RPCGSSDOPTS=

30c31
< [ -x /usr/sbin/rpc.statd ] || exit 0
---

[ -x /sbin/rpc.statd ] || exit 0

42c43
< while read -r DEV _ _ OPTS _
---

while read DEV MTPT FSTYPE OPTS REST

89c90
< if [ -x /sbin/modprobe ] && [ -f /proc/modules ]
---

if [ -x /sbin/modprobe -a -f /proc/modules ]

136c137
< --exec /usr/sbin/rpc.statd
---

--exec /sbin/rpc.statd -- $STATDOPTS

This is no longer supported as stated in the NEWS file:

https://salsa.debian.org/kernel-team/nfs-utils/-/blob/debian/latest/debian/nfs-common.NEWS?ref_type=heads

The complete removal was done here:

https://salsa.debian.org/kernel-team/nfs-utils/-/commit/6824312704bc066b5867b9777695e46cce52dcbc

So maybe this needs an other NEWS entry and/or mention in the
release-notes.

Cheers Jochen

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmiHBrEACgkQW//cwljm lDOsexAAkdwcWnqb79blg8XPd3Vu60tKvv+ONBA6V5aSSjVRZ2sydB2XttH8l+AI jxZujGzOVLk2IpHch9jLq6F9Fdgh+lBLDDHFt6MYVP3cvKYIamSskLF3+7q2q3Vy 1k5PxLt3hlsT9a5w2axix7ZCZ0Q/cRNBlSPy+EcxT9vRbbi8cnTSqs6VkIQOg3vp rFyU81Y9I+OIk14T8GAlzI/vOXbq1x/ysg4VXrxxex2eGGdZNIsa+X9R/SrywksC //PpA2uZ5OmZ9Sg8ZaIlbYuyFypKyCCHd5U8ecyIzjhz5ynjdxxxTz752arRbyk8 OEuiIdWf5jkybGSRfbuEMvwHpcU1Awwk8ydWyBiTMNJpZ3TMkh8cBzLy5whT/Zwr haVQjN7D2ptUtY7y8yfrtTuQy0GDLVwoJgLc5sFvB5eZex3eFpG033rzoQpN3a/9 e8LXNuTIENTX0aQAHVMopymc3gS0hHxBX2AqQvQ58Vg3nvZ76G//+HvSVdBE9c/S r3yavpX1fiZADGVXX8g2CtS+uB9E83yItCLCVQx+qKs0rDDw+UmN6plq+zG8Kufy BTkolxo6jMOleTxXSZ7WtYYKklDdBDWmQzl0I5rpC/2RuHOozT3PPNu9b2RSvwzz k3Uuzfc996j3V4ySBl5/BCLwCAuLUen+5xSfD6fYAbFjP8kafJw=
=nPkx
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)