From owner-freebsd-bugs Mon Dec 2 11:23:24 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA07158 for bugs-outgoing; Mon, 2 Dec 1996 11:23:24 -0800 (PST) Received: (from wpaul@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA07145; Mon, 2 Dec 1996 11:23:22 -0800 (PST) Date: Mon, 2 Dec 1996 11:23:22 -0800 (PST) From: Bill Paul Message-Id: <199612021923.LAA07145@freefall.freebsd.org> To: proff@suburbia.net, wpaul, freebsd-bugs Subject: Re: bin/2135 Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Synopsis: It is not possible to compile libc (et al) without -DYP State-Changed-From-To: open-analyzed State-Changed-By: wpaul State-Changed-When: Mon Dec 2 11:14:35 PST 1996 State-Changed-Why: I'll look into this, though if you could point out exactly where the build of libc fails without -DYP, it would help. Also, I have a question: FreeBSD uses only DNS and /etc/hosts for gethostby*() by default (the /etc/host.conf that comes with the OS only specifies 'hosts' and 'bind'; 'nis' is commented out). This means that the host lookup functions don't use YP in the first place. The only way to change this is if root edits /etc/host.conf. What extra security are you hoping to gain by compiling libc without YP support? The only way to enable YP now is to break root, and if an attacker does that then you're already in trouble anyway. -Bill