Date:      Mon, 05 Nov 2001 11:06:25 +0000
From:      Matthew Seaman <matthew.seaman@tornadogroup.com>
To:        Warner Losh <imp@harmony.village.org>
Cc:        "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>, AMAKAWA Shuhei <sa264@cam.ac.uk>, freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject:   Re: NIS/YP problems using pw(8)
Message-ID:  <3BE672B1.2030601@tornadogroup.com>
References:  <3BD94295.24C7A9C@tornadogroup.com>  <20011025205259.W1888-100000@klima.physik.uni-mainz.de> <200111030314.fA33Ei794774@harmony.village.org>

Warner Losh wrote:

> In message <3BD94295.24C7A9C@tornadogroup.com> Matthew Seaman writes:
> : +static int
> : +issecure(const char *etcpath)
> : +{
> : +       struct stat     stat_buf;
> : +       int             ret;
> : +       int             rc = 0;
> : +
> : +       ret = lstat(etcpath, &stat_buf);
> : +       if (ret == 0 && \
> : +           stat_buf.st_uid == 0 && \
> : +           S_ISDIR(stat_buf.st_mode) && \
> : +           (stat_buf.st_mode & (S_IWGRP|S_IWOTH)) == 0) {
> : +               rc = 1;
> : +       }
> : +       return rc;
> :  }
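
Review bot: the lstat(etcpath, &stat_buf) call in issecure() checks a path name rather than the object that is later used, so the directory can be replaced between this check and whatever the caller then does with etcpath. Open the directory first (refusing a symlink as the final component), run fstat(2) on the descriptor, and have the caller work relative to that descriptor. The test also covers only the last path component: a group- or other-writable parent directory would let etcpath be renamed away, so the ancestors need the same ownership and mode check. The trailing backslashes in the if condition are unnecessary in C, and a comment stating what "secure" means here (root-owned directory, not writable by group or other) would help the next reader.
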
> 
> First, you don't need \ at the end of the line.


Oops. I knew that, really. Too much time doing shell/perl recently.

> Second, this is racible.


Hmmm... Yes, so it is.  I should have opened the file first and used 
fstat(2) on the descriptor.

However, I didn't intend that what I wrote was any more than a 
suggestion about what might be done, not that it was suitable to go into 
CVS.

On the wider issue, I agree entirely with Oliver's point, that pw(8) 
should be made to work effectively with the recommended setup of NIS. 
The more I think about it, the less I understand the reasoning behind 
disabling the functions that allow creation or deletion of home 
directories just because the NIS data files are in an alternate 
location.  It's not like an attacker couldn't thoroughly compromise a 
system with the bits of pw(8) that are still left active.

	Matthew

-- 
Matthew Seaman                                              01628 498661

                 Abeo, abeo, abeo, actum est, comites!
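
The open-then-fstat(2) approach mentioned in the message above, as an added example that is not part of the original post or of pw(8). The helper names `open_secure_dir` and `open_in_dir` and the `owner` parameter are hypothetical (the quoted patch hard-codes uid 0).

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* O_DIRECTORY, O_NOFOLLOW, openat(2) */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper, not pw(8) code: open etcpath, then check the opened
 * object itself. owner is a parameter (assumption); pass 0 for root-only. */
int
open_secure_dir(const char *etcpath, uid_t owner)
{
	struct stat sb;
	int fd;

	/* O_NOFOLLOW: a symlink as the last component is refused outright. */
	fd = open(etcpath, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
	if (fd == -1)
		return -1;
	/* fstat(2) describes the open directory, whatever the path now names. */
	if (fstat(fd, &sb) == 0 && sb.st_uid == owner && S_ISDIR(sb.st_mode) &&
	    (sb.st_mode & (S_IWGRP | S_IWOTH)) == 0)
		return fd;
	close(fd);
	return -1;
}

/* Later accesses go through the checked descriptor, never back through the
 * path name, so the check and the use refer to the same directory. */
int
open_in_dir(int dfd, const char *name)
{
	return openat(dfd, name, O_RDONLY | O_NOFOLLOW);
}

int
main(int argc, char **argv)
{
	int dfd = open_secure_dir(argc > 1 ? argv[1] : "/etc", 0);

	printf("%s\n", dfd == -1 ? "refused" : "ok");
	return dfd == -1 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

This still examines only the final path component; ancestor directories need their own ownership and mode checks.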

