Date: Mon, 11 Sep 2000 22:35:09 -0500 From: "Peter Avalos" <pavalos@theshell.com> To: <freebsd-security@freebsd.org> Subject: ypserv giving out encrypted passwords Message-ID: <AAEMIFFLKPKLAOJHJANHOEKECEAA.pavalos@theshell.com>
I'm running ypserv as a slave and ypbind on a 4.1-S machine.
Snip from ypserv(8) manpage:
    To make up for this, the FreeBSD version of ypserv handles the
    master.passwd.byname and master.passwd.byuid maps in a special way. When
    the server receives a request to access either of these two maps, it will
    check the TCP port from which the request originated and return an error
    if the port number is greater than 1023. Since only the superuser is
    allowed to bind to TCP ports with values less than 1024, the server can use
    this test to determine whether or not the access request came from a
    privileged user. Any requests made by non-privileged users are therefore
    rejected.
This sounds like a wonderful thing, but why only tcp? I don't want people to
ypcat master.passwd and get all the encrypted passwords on my system. I
verified that a ypmatch uses udp on a port >1023 with tcpdump:
ypmatch pavalos master.passwd
pavalos:*SNIPPED*:501:1000::0:0:pavalos:/usr/home/prm/pavalos:/bin/bash
06:35:27.149969 lithium.theshell.com.stun-port > lithium.theshell.com.778: udp 88
06:35:27.150136 lithium.theshell.com.778 > lithium.theshell.com.stun-port: udp 108
stun-port 1994/udp #cisco serial tunnel port
So my question is: Is this a configuration error, or a 'feature' (bug)?
Thanks,
Peter Avalos
TheShell.com
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/ED/B d-(+) s:+> a-- C++$ UBLO++++$ P+ L++++ E- W+ N+ o? K? w(++) !O M-
V- PS+ PE++ Y+ PGP++ t+@ 5 X- R- tv+ b++ DI- D-- G e>+++ h-- r++ y++
------END GEEK CODE BLOCK------
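The privileged-port test quoted from ypserv(8) is a property of the request's source port and is independent of transport, so a defender can apply the same rule to a capture to see which master.passwd lookups arrived over UDP from unprivileged ports. The script below is an added example written for this archive page, not code from the original mail or from FreeBSD's ypserv: it parses tcpdump lines in the format shown above, resolves the service name tcpdump substituted (the stun-port = 1994/udp mapping is from the mail; the lookup table itself is constructed), treats the port ypserv answered from in the capture (778) as the server port, and reports every request to that port whose source port is 1024 or higher. The sample capture reuses the two lines from the mail plus two constructed lines for a lookup made from a privileged port, which the manpage's rule would accept.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# tcpdump prints service names instead of numbers when it knows them.
# "stun-port" -> 1994/udp is stated in the mail; the table is otherwise a
# constructed lookup for this example and would come from /etc/services.
SERVICE_PORTS = {"stun-port": 1994}

# Port ypserv answered from in the capture quoted in the mail (RPC-assigned,
# privileged). Taken from the page, not a fixed ypserv constant.
YPSERV_PORT = 778

# One tcpdump line of the form:
#   HH:MM:SS.usec host.port > host.port: udp|tcp length
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\S+?)\.(?P<sport>[\w-]+)\s+>\s+"
    r"(?P<dst>\S+?)\.(?P<dport>[\w-]+):\s+"
    r"(?P<proto>udp|tcp)\s+(?P<length>\d+)"
)


@dataclass
class Datagram:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int


def port_number(token: str) -> int:
    """Turn a tcpdump port token (number or service name) into a port number."""
    if token.isdigit():
        return int(token)
    if token in SERVICE_PORTS:
        return SERVICE_PORTS[token]
    raise ValueError(f"unknown service name in capture: {token!r}")


def parse_tcpdump_line(line: str) -> Optional[Datagram]:
    """Parse one tcpdump line; return None for lines that are not packets."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Datagram(
        ts=m["ts"],
        src=m["src"],
        sport=port_number(m["sport"]),
        dst=m["dst"],
        dport=port_number(m["dport"]),
        proto=m["proto"],
        length=int(m["length"]),
    )


def is_privileged_port(port: int) -> bool:
    """The ypserv(8) rule: only the superuser can bind ports below 1024."""
    return 0 < port < 1024


def audit_nis_requests(lines: List[str], server_port: int = YPSERV_PORT) -> List[Tuple[str, str, str, int]]:
    """Return (timestamp, proto, client, client_port) for every request to the
    NIS server port that came from an unprivileged source port, whatever the
    transport. Replies (server_port as source) and unrelated traffic are skipped."""
    findings = []
    for line in lines:
        dg = parse_tcpdump_line(line)
        if dg is None or dg.dport != server_port:
            continue
        if not is_privileged_port(dg.sport):
            findings.append((dg.ts, dg.proto, dg.src, dg.sport))
    return findings


# Constructed sample: the two lines from the mail (joined onto single lines as
# tcpdump prints them) plus a second lookup from a privileged source port.
SAMPLE_CAPTURE = [
    "06:35:27.149969 lithium.theshell.com.stun-port > lithium.theshell.com.778: udp 88",
    "06:35:27.150136 lithium.theshell.com.778 > lithium.theshell.com.stun-port: udp 108",
    "06:35:28.000000 lithium.theshell.com.1010 > lithium.theshell.com.778: udp 88",
    "06:35:28.000200 lithium.theshell.com.778 > lithium.theshell.com.1010: udp 108",
]

if __name__ == "__main__":
    for ts, proto, client, sport in audit_nis_requests(SAMPLE_CAPTURE):
        print(f"{ts} {proto} request to ypserv from {client} port {sport} (unprivileged)")
```

Run against the sample, the audit reports only the ypmatch request from port 1994; the constructed lookup from port 1010 passes the same test the manpage describes for TCP, which is exactly the check the mail is asking about for UDP.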
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AAEMIFFLKPKLAOJHJANHOEKECEAA.pavalos>
