1 # @(#) Makefile.shlib 1.1 96/07/06 23:00:53
3 # Warning: don't do this unless you are really desperate!!
5 # Makefile to build a shared object that forces RPC servers to register
6 # and unregister with the portmapper through the loopback interface
7 # instead of via the primary network interface address.
9 # This is a desperate attempt to prevent an attacker from using source
10 # address spoofing to manipulate your portmapper tables. For this to be
11 # effective you need to build the portmapper with -DLOOPBACK_SETUNSET,
12 # and you need to disable IP source routing in the UNIX kernel.
14 # Quick summary of what to do to trick your rpc servers into cooperation:
16 # 1 - In the text below, uncomment the SH_CC and SH_LD definitions that are
17 # appropriate for your environment. Then type:
19 # make -f Makefile.shcc
21 # 2 - Install the get_myaddress.so shared object in a suitable place, for
22 # example in the /usr/local/lib directory.
24 # 3 - Edit your system startup files so that the rpc servers use the
25 # get_myaddress.so shared object. For several environments, the text below
26 # gives an example in bourne-shell syntax of how how to start an rpc server.
29 # /bin/sh syntax: LD_PRELOAD=/some/where/get_myaddress.so rpcserver...
31 SH_LD = ld -assert pure-text
34 # /bin/sh syntax: LD_PRELOAD=/some/where/get_myaddress.so rpcserver...
36 #SH_LD = ld -Bshareable
39 # /bin/sh syntax: _RLD_LIST=/some/where/get_myaddress.so:DEFAULT rpcserver...
43 # Build the shared object
44 get_myaddress.so: get_myaddress.c
45 $(SH_CC) -c get_myaddress.c
46 $(SH_LD) -o get_myaddress.so get_myaddress.o