hi, > > All users who had problems with NIS should rebuild their > > world. Long outstanding problems have been fixed and > > rpc.yppasswdd allows root again to change passwords > > on ypmaster without knowledge of the users password. ^^^^^^^^ > Does this not create a vulnerability? > > Example: Bad Guy sets up a personal workstation with himself as root > and steals an IP address from the machine he just switched off. Now > he can change passwords on the server at will. It is only possible on the ypmaster server. And if you are root you can edit the password files directly, can't you :-) ? MartinReceived on Sun Jun 15 2003 - 04:58:19 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:11 UTC