From owner-freebsd-current@FreeBSD.ORG Sun Jun 15 06:58:19 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C65737B401 for ; Sun, 15 Jun 2003 06:58:19 -0700 (PDT) Received: from mail.imp.ch (mail.imp.ch [157.161.1.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id C8D9543F85 for ; Sun, 15 Jun 2003 06:58:17 -0700 (PDT) (envelope-from mb@imp.ch) Received: from cvs.imp.ch (cvs.imp.ch [157.161.4.9]) by mail.imp.ch (8.12.6p2/8.12.3) with ESMTP id h5FDwEEU024292; Sun, 15 Jun 2003 15:58:15 +0200 (CEST) (envelope-from Martin.Blapp@imp.ch) Date: Sun, 15 Jun 2003 15:58:14 +0200 (CEST) From: Martin Blapp To: Mark Murray In-Reply-To: <200306151329.h5FDThHh077681@grimreaper.grondar.org> Message-ID: <20030615155659.U60004@cvs.imp.ch> References: <200306151329.h5FDThHh077681@grimreaper.grondar.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: current@freebsd.org Subject: Re: HEADS UP: rpc.yppasswdd working again X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jun 2003 13:58:19 -0000 hi, > > All users who had problems with NIS should rebuild their > > world. Long outstanding problems have been fixed and > > rpc.yppasswdd allows root again to change passwords > > on ypmaster without knowledge of the users password. ^^^^^^^^ > Does this not create a vulnerability? > > Example: Bad Guy sets up a personal workstation with himself as root > and steals an IP address from the machine he just switched off. Now > he can change passwords on the server at will. It is only possible on the ypmaster server. And if you are root you can edit the password files directly, can't you :-) ? Martin