HEADS UP: rpc.yppasswdd working again

[Martin Blapp]

hi,

> > All users who had problems with NIS should rebuild their
> > world. Long outstanding problems have been fixed and
> > rpc.yppasswdd allows root again to change passwords
> > on ypmaster without knowledge of the users password.

       ^^^^^^^^

> Does this not create a vulnerability?
>
> Example: Bad Guy sets up a personal workstation with himself as root
> and steals an IP address from the machine he just switched off. Now
> he can change passwords on the server at will.

It is only possible on the ypmaster server. And if you are root
you can edit the password files directly, can't you :-) ?

Martin