From owner-freebsd-hackers Fri May 12 10:32:23 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 0CC7937BEDC for ; Fri, 12 May 2000 10:32:16 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id LAA63919; Fri, 12 May 2000 11:32:14 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA12588; Fri, 12 May 2000 11:31:47 -0600 (MDT) Message-Id: <200005121731.LAA12588@harmony.village.org> To: Nick Sayer Subject: Re: rexec as root Cc: hackers@FreeBSD.ORG In-reply-to: Your message of "Fri, 12 May 2000 07:18:29 PDT." <391C12B5.E5A2DCD3@quack.kfu.com> References: <391C12B5.E5A2DCD3@quack.kfu.com> Date: Fri, 12 May 2000 11:31:47 -0600 From: Warner Losh Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <391C12B5.E5A2DCD3@quack.kfu.com> Nick Sayer writes: : I put it to everyone that the first and third checks are equivalent and : redundant. They are not redundant. They provide a little (although not much) extra security for those sites that have had a root account added by intruders which the admin know nothing of. In the absense of this test, machines in a yp netowrk would be extremely vulnerable to root uid penetration when an intruder can hack the yp database, or spoof replies. OK, so that's a weak wall for a weak protocol, but I'm pretty sure why the extra check for uid 0 is in there. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message