From owner-freebsd-hackers Fri May 12 11:19:27 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from guardian.sftw.com (guardian.sftw.com [209.157.37.25]) by hub.freebsd.org (Postfix) with ESMTP id 7A46E37B82C for ; Fri, 12 May 2000 11:19:25 -0700 (PDT) (envelope-from nsayer@sftw.com) Received: from yoda.sftw.com (yoda.sftw.com [209.157.37.211]) by guardian.sftw.com (8.9.3/8.9.3) with ESMTP id LAA18422; Fri, 12 May 2000 11:19:24 -0700 (PDT) (envelope-from nsayer@sftw.com) Received: from sftw.com (localhost [127.0.0.1]) by yoda.sftw.com (8.9.3/8.9.3) with ESMTP id LAA65042; Fri, 12 May 2000 11:19:30 -0700 (PDT) (envelope-from nsayer@sftw.com) Message-ID: <391C4B31.4B1DB762@sftw.com> Date: Fri, 12 May 2000 11:19:29 -0700 From: Nick Sayer Reply-To: nsayer@freebsd.org X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Warner Losh , freebsd-hackers@freebsd.org Subject: Re: rexec as root References: <391C12B5.E5A2DCD3@quack.kfu.com> <200005121731.LAA12588@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Warner Losh wrote: > [...] In the absense of this > test, machines in a yp netowrk would be extremely vulnerable to root > uid penetration when an intruder can hack the yp database, or spoof > replies. Ok. How about adding an rexecd command line flag to disable that test (with suitable warnings in the man page)? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message