From owner-freebsd-hackers Fri May 12 12:19:42 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 8CA9E37B525; Fri, 12 May 2000 12:19:37 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id NAA64747; Fri, 12 May 2000 13:19:35 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id NAA13182; Fri, 12 May 2000 13:19:07 -0600 (MDT) Message-Id: <200005121919.NAA13182@harmony.village.org> To: nsayer@freebsd.org Subject: Re: rexec as root Cc: freebsd-hackers@freebsd.org In-reply-to: Your message of "Fri, 12 May 2000 11:19:29 PDT." <391C4B31.4B1DB762@sftw.com> References: <391C4B31.4B1DB762@sftw.com> <391C12B5.E5A2DCD3@quack.kfu.com> <200005121731.LAA12588@harmony.village.org> Date: Fri, 12 May 2000 13:19:07 -0600 From: Warner Losh Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <391C4B31.4B1DB762@sftw.com> Nick Sayer writes: : Warner Losh wrote: : : > [...] In the absense of this : > test, machines in a yp netowrk would be extremely vulnerable to root : > uid penetration when an intruder can hack the yp database, or spoof : > replies. : : Ok. How about adding an rexecd command line flag to disable : that test (with suitable warnings in the man page)? I'd be all for a "make this insanely insecure protocol even more insecure because security doesn't matter to my setup" flag. So long as it isn't default :-) Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message