From owner-freebsd-security Mon Sep 11 20:32:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from theshell.com (arsenic.theshell.com [63.236.138.5]) by hub.freebsd.org (Postfix) with SMTP id B53E337B42C for ; Mon, 11 Sep 2000 20:32:17 -0700 (PDT)
Received: (qmail 32689 invoked from network); 12 Sep 2000 03:32:17 -0000
Received: from arsenic.theshell.com (HELO tequila) (root@63.236.138.5) by arsenic.theshell.com with SMTP; 12 Sep 2000 03:32:17 -0000
From: "Peter Avalos"
To:
Subject: ypserv giving out encrypted passwords
Date: Mon, 11 Sep 2000 22:35:09 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm running ypserv as a slave and ypbind on a 4.1-S machine.

Snip from ypserv(8) manpage:

     To make up for this, the FreeBSD version of ypserv handles the
     master.passwd.byname and master.passwd.byuid maps in a special way.
     When the server receives a request to access either of these two
     maps, it will check the TCP port from which the request originated
     and return an error if the port number is greater than 1023. Since
     only the superuser is allowed to bind to TCP ports with values less
     than 1024, the server can use this test to determine whether or not
     the access request came from a privileged user. Any requests made by
     non-privileged users are therefore rejected.

This sounds like a wonderful thing, but why only tcp? I don't want people to ypcat master.passwd and get all the encrypted passwords on my system.

I verified that a ypmatch uses udp on a port >1023 with tcpdump:

ypmatch pavalos master.passwd
pavalos:*SNIPPED*:501:1000::0:0:pavalos:/usr/home/prm/pavalos:/bin/bash

06:35:27.149969 lithium.theshell.com.stun-port > lithium.theshell.com.778: udp 88
06:35:27.150136 lithium.theshell.com.778 > lithium.theshell.com.stun-port: udp 108

stun-port 1994/udp #cisco serial tunnel port

So my question is: Is this a configuration error, or a 'feature' (bug)?

Thanks,
Peter Avalos
TheShell.com

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/ED/B d-(+) s:+> a-- C++$ UBLO++++$ P+ L++++ E- W+ N+ o? K? w(++)
!O M- V- PS+ PE++ Y+ PGP++ t+@ 5 X- R- tv+ b++ DI- D-- G e>+++ h-- r++ y++
------END GEEK CODE BLOCK------
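The following is an added example, not part of the post and not FreeBSD's ypserv source. It models the privileged-port test the manpage describes as a small decision function, places the transport-agnostic variant the post asks for beside it, and parses tcpdump lines in the "src > dst: udp len" form shown in the trace to pick out datagrams sent to the server's port (778 in the post) from a source port above 1023. The request tuple (map name, transport, source port), the `SERVICES` table standing in for /etc/services, and the function names are all assumptions of this example.

```python
"""Model of the ypserv(8) privileged-port test discussed in the post.

Added example, not FreeBSD's ypserv code. Assumptions: a request is
reduced to (map name, transport, source port), and tcpdump lines are in
the "src > dst: udp len" shape shown in the post's trace.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

PROTECTED_MAPS = {"master.passwd.byname", "master.passwd.byuid"}
PRIVILEGED_PORT_MAX = 1023  # binding a port <= 1023 requires root

# Constructed stand-in for /etc/services; the post's trace printed the
# client's port 1994 under its service name "stun-port".
SERVICES = {"stun-port": 1994}


@dataclass(frozen=True)
class YpRequest:
    map_name: str
    transport: str  # "tcp" or "udp"
    src_port: int


def allowed_tcp_only(req: YpRequest) -> bool:
    """Behaviour the manpage describes: the source-port test applies to TCP only."""
    if req.map_name not in PROTECTED_MAPS:
        return True
    if req.transport == "tcp":
        return req.src_port <= PRIVILEGED_PORT_MAX
    return True  # a UDP request from a high port is served: the gap the post reports


def allowed_any_transport(req: YpRequest) -> bool:
    """The same test applied regardless of transport, which is what the post asks for."""
    if req.map_name not in PROTECTED_MAPS:
        return True
    return req.src_port <= PRIVILEGED_PORT_MAX


@dataclass(frozen=True)
class Datagram:
    timestamp: str
    src_port: int
    dst_port: int
    proto: str
    length: int


# Matches only the UDP line format in the post; tcpdump prints TCP segments differently.
_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<proto>udp)\s+(?P<len>\d+)$"
)


def _port(endpoint: str) -> int:
    """The last dotted component of 'host.port' is a number or a service name."""
    token = endpoint.rsplit(".", 1)[1]
    return int(token) if token.isdigit() else SERVICES[token]


def parse_tcpdump_line(line: str) -> Optional[Datagram]:
    """Return a Datagram for a line in the expected form, else None."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    return Datagram(m["ts"], _port(m["src"]), _port(m["dst"]), m["proto"], int(m["len"]))


def unprivileged_requests(lines: List[str], server_port: int) -> List[Datagram]:
    """Datagrams addressed to ypserv's port whose source port root need not have owned."""
    found = []
    for line in lines:
        pkt = parse_tcpdump_line(line)
        if pkt and pkt.dst_port == server_port and pkt.src_port > PRIVILEGED_PORT_MAX:
            found.append(pkt)
    return found


# Constructed trace in the shape of the post's tcpdump output (ypserv listening on 778).
SAMPLE_TRACE = [
    "06:35:27.149969 lithium.theshell.com.stun-port > lithium.theshell.com.778: udp 88",
    "06:35:27.150136 lithium.theshell.com.778 > lithium.theshell.com.stun-port: udp 108",
]

if __name__ == "__main__":
    for pkt in unprivileged_requests(SAMPLE_TRACE, server_port=778):
        req = YpRequest("master.passwd.byname", "udp", pkt.src_port)
        print(f"{pkt.timestamp} src port {pkt.src_port}: "
              f"tcp-only check serves it: {allowed_tcp_only(req)}, "
              f"transport-agnostic check serves it: {allowed_any_transport(req)}")
```

Run stand-alone, the script reports the client's request from port 1994 as served by the TCP-only test and refused by the transport-agnostic one. Note that the port test is a weak control in any case: it only tells the server that the requesting process could bind a reserved port on its own host, which is why the post's concern is worth checking against a capture rather than trusting the manpage alone.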