Re: securityhole /proc/sys/kernel/domainname

Snow Cat (oleg@math.csufresno.edu)
Tue, 20 Feb 1996 10:10:36 -0800 (PST)


From the keyboard of Christoph Lameter:
>
> : > Why would I make it accessible via bootp?
> : > And /var/yp is only accessible by root on my system.
>
> : getdomainname(2) needs no root privileges. And I still don't think a NIS
> : Domainname is a good Password. Please simply use secure NIS implementations.
> Even with a secure NIS implementation a user on a host in the domain
> can simply do a
>
> ypcat passwd
>
> to get at the passwords. If the getdomainname() call would require root privileges
> then the ypcat would not be possible.
>
> Is there any reason why a regular user process would need getdomainname()?
>

Yeah, if you type cd ~user in bash, it will call getpwnam() that must do the
same thing as "ypcat passwd". If you configure Elm to access YP accounts, it
will even run "ypcat passwd" directly.

The only solutions I see are either shadow passwords + authentication daemon
(but if someone can spy on network traffic, s/he can decode RPC calls and
get all your passwords) or a more secure hash function that allows longer
passwords, such as MD5.
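
An added example, not part of the original post: a check an administrator could run over the output of `ypcat passwd` to see which accounts publish a hash in the map and whether it is traditional DES crypt (only the first 8 password characters count) or MD5 crypt (`$1$` prefix). The function names and the sample map are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in passwd(5) format, as "ypcat passwd" would print it.
# Every account and hash string below is made up for illustration.
SAMPLE_MAP = "\n".join([
    "alice:aa" + "X" * 11 + ":1001:100:Alice:/home/alice:/bin/bash",
    "bob:$1$saltsalt$" + "Y" * 22 + ":1002:100:Bob:/home/bob:/bin/bash",
    "carol:x:1003:100:Carol:/home/carol:/bin/bash",
    "dave::1004:100:Dave:/home/dave:/bin/bash",
    "eve:*:1005:100:Eve:/home/eve:/bin/false",
    "+::::::",                      # NIS compat entry, not an account
    "broken-line-without-fields",
])

DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2 salt + 11 hash characters
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def classify(field):
    """Classify the password field (second field) of a passwd entry."""
    if field == "":
        return "empty"        # account has no password at all
    if field[0] in "x*!" and not DES_CRYPT.match(field):
        return "not-in-map"   # shadowed or locked: no hash published
    if MD5_CRYPT.match(field):
        return "md5-crypt"    # published, but long passwords are honoured
    if DES_CRYPT.match(field):
        return "des-crypt"    # published, password truncated to 8 characters
    return "unknown"

def audit(map_text):
    """Return (per-user findings, counts); NIS +/- compat lines are skipped."""
    findings = []
    for line in map_text.splitlines():
        if not line.strip() or line[0] in "+-":
            continue
        parts = line.split(":")
        kind = classify(parts[1]) if len(parts) == 7 else "malformed"
        findings.append((parts[0], kind))
    return findings, Counter(kind for _, kind in findings)

def exposed(findings):
    """Users whose hash any user in the domain can read from the map."""
    return [u for u, k in findings if k in ("des-crypt", "md5-crypt")]

if __name__ == "__main__":
    findings, counts = audit(SAMPLE_MAP)
    for user, kind in findings:
        print(f"{user:28} {kind}")
    print("hash published for:", ", ".join(exposed(findings)))
```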