hi,
> > All users who had problems with NIS should rebuild their
> > world. Long outstanding problems have been fixed and
> > rpc.yppasswdd allows root again to change passwords
> > on ypmaster without knowledge of the users password.
^^^^^^^^
> Does this not create a vulnerability?
>
> Example: Bad Guy sets up a personal workstation with himself as root
> and steals an IP address from the machine he just switched off. Now
> he can change passwords on the server at will.
It is only possible on the ypmaster server. And if you are root
you can edit the password files directly, can't you :-) ?
Martin
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
