From owner-freebsd-hackers  Wed May 15 01:40:08 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id BAA15051
          for hackers-outgoing; Wed, 15 May 1996 01:40:08 -0700 (PDT)
Received: from mail.rwth-aachen.de (mail.RWTH-Aachen.DE [137.226.144.9])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id BAA14959
          for <freebsd-hackers@freefall.FreeBSD.org>; Wed, 15 May 1996 01:40:00 -0700 (PDT)
Received: from gilberto.physik.rwth-aachen.de (gilberto.physik.rwth-aachen.de)
 by mail.rwth-aachen.de (PMDF V5.0-4 #13110)
 id <01I4QC2U9K1C000VNY@mail.rwth-aachen.de> for
 freebsd-hackers@freefall.FreeBSD.org; Wed, 15 May 1996 10:18:27 +0100
Received: (from kuku@localhost) by gilberto.physik.rwth-aachen.de
 (8.6.11/8.6.9) id KAA08297 for freebsd-hackers@freefall.cdrom.com; Wed,
 15 May 1996 10:25:43 +0200
Date: Wed, 15 May 1996 10:25:43 +0200
From: "Christoph P. Kukulies" <kuku@gilberto.physik.rwth-aachen.de>
Subject: yppasswdd permissions/ownership
To: freebsd-hackers@freefall.FreeBSD.org
Message-id: <199605150825.KAA08297@gilberto.physik.rwth-aachen.de>
Content-transfer-encoding: 7BIT
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


We want to allow our NIS users on the clients to set their yp passwords.
Since /etc/master.passwd is rw------- root wheel and yppasswdd runs
as bin bin it seems to me impossible to change the master password database.

Shouldn't yppasswdd better be run as 4755 root bin ? Or is this
a potential security hole?

--Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de