From owner-freebsd-current@FreeBSD.ORG  Sun Jun 15 06:30:03 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DFC7F37B401
	for <current@freebsd.org>; Sun, 15 Jun 2003 06:30:03 -0700 (PDT)
Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DF40C43FAF
	for <current@freebsd.org>; Sun, 15 Jun 2003 06:30:02 -0700 (PDT)
	(envelope-from mark@grondar.org)
Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1])
	by storm.FreeBSD.org.uk (8.12.9/8.12.9) with ESMTP id h5FDU11f040335;
	Sun, 15 Jun 2003 14:30:01 +0100 (BST)
	(envelope-from mark@grondar.org)
Received: (from Ugrondar@localhost)h5FDU1WB040334;
	Sun, 15 Jun 2003 14:30:01 +0100 (BST)
X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to
	mark@grondar.org using -f
Received: from grondar.org (localhost [127.0.0.1])h5FDThHh077681;
	Sun, 15 Jun 2003 14:29:43 +0100 (BST)
	(envelope-from mark@grondar.org)
From: Mark Murray <mark@grondar.org>
Message-Id: <200306151329.h5FDThHh077681@grimreaper.grondar.org>
To: Martin Blapp <mb@imp.ch>
In-Reply-To: Your message of "Sun, 15 Jun 2003 12:50:03 +0200."
             <20030615124438.U60004@cvs.imp.ch> 
Date: Sun, 15 Jun 2003 14:29:43 +0100
Sender: mark@grondar.org
X-Spam-Status: No, hits=1.2 required=5.0
	tests=EMAIL_ATTRIBUTION,FROM_NO_LOWER,IN_REP_TO
	version=2.55
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
cc: current@freebsd.org
Subject: Re: HEADS UP: rpc.yppasswdd working again 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jun 2003 13:30:04 -0000

Martin Blapp writes:
> 
> Small, but important message for NIS users.
> 
> All users who had problems with NIS should rebuild their
> world. Long outstanding problems have been fixed and
> rpc.yppasswdd allows root again to change passwords
> on ypmaster without knowledge of the users password.

Does this not create a vulnerability?

Example: Bad Guy sets up a personal workstation with himself as root
and steals an IP address from the machine he just switched off. Now
he can change passwords on the server at will.

M
--
Mark Murray
iumop ap!sdn w,I idlaH