HEADS UP: rpc.yppasswdd working again
Martin Blapp
mb at imp.ch
Sun Jun 15 06:58:19 PDT 2003
hi,
> > All users who had problems with NIS should rebuild their
> > world. Long outstanding problems have been fixed and
> > rpc.yppasswdd allows root again to change passwords
> > on ypmaster without knowledge of the users password.
^^^^^^^^
> Does this not create a vulnerability?
>
> Example: Bad Guy sets up a personal workstation with himself as root
> and steals an IP address from the machine he just switched off. Now
> he can change passwords on the server at will.
It is only possible on the ypmaster server. And if you are root
you can edit the password files directly, can't you :-) ?
Martin
More information about the freebsd-current
mailing list